Ship It Conversations: Guardsquare’s Joel DeStefano on Mobile App Security, Runtime Protection, App Hardening, and Why Scanning Isn’t Enough episode artwork

EPISODE · Jun 21, 2026 · 35 MIN

Ship It Conversations: Guardsquare’s Joel DeStefano on Mobile App Security, Runtime Protection, App Hardening, and Why Scanning Isn’t Enough

from Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News

This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.In this Ship It: Conversations episode, I talk with Joel DeStefano from Guardsquare about mobile app security, why it is different from backend and cloud security, and why scanning alone is not enough once an app is shipped into the real world.We talk about the shift in trust model that happens with mobile apps. In backend and cloud systems, teams usually have more control over the runtime, infrastructure, policies, and monitoring. With mobile, the app becomes a public artifact running on someone else’s device, in an environment you do not fully control.The bigger theme here is that mobile security is not just “scan it before release.” Scanning matters, but teams also need to think about app hardening, obfuscation, runtime protection, monitoring, and whether the app connecting back to their APIs is genuine and uncompromised.Highlights• Why mobile changes the trust model compared to backend and cloud systems• What DevOps, SRE, and platform teams should understand about mobile app risk• Why scanning is useful, but not enough by itself• The danger of assuming app store approval means an app is secure• Why “we do not store sensitive data in the app” can be a misleading security argument• How attackers can reverse engineer apps, inspect workflows, and learn how the app talks to backend APIs• What code hardening and obfuscation actually help protect against• Why runtime checks matter for rooted devices, compromised environments, debuggers, hooking frameworks, overlays, and accessibility abuse• The difference between Android and iOS security assumptions• Why the OS is not responsible for protecting your app’s business logic• How mobile security should fit into CI/CD without destroying release velocity• What should block a release versus what should become tracked risk• Why testing, hardening, runtime protection, and monitoring should work together as one strategy• How AI may speed up attackers without fundamentally changing the need for strong security fundamentals• Joel’s advice for improving mobile security posture: start with the app’s critical workflows, backend interactions, and real business riskJoel / Guardsquare links• Guardsquare: https://hubs.ly/Q04fJgkJ0• Guardsquare Blog: https://www.guardsquare.com/blogOWASP mobile security links• OWASP Mobile Application Security: https://owasp.org/www-project-mobile-app-security/• OWASP MASVS: https://mas.owasp.org/MASVS/Our linksMore episodes + show notes + links: https://shipitweekly.fmOn Call Brief: https://oncallbrief.com

NOW PLAYING

Ship It Conversations: Guardsquare’s Joel DeStefano on Mobile App Security, Runtime Protection, App Hardening, and Why Scanning Isn’t Enough

0:00 35:58

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. Breaking News Show | eTurboNews Juergen Thomas Steinmetz News is relevant to the global travel and tourism industry, human rights and global issues.Breaking news when it happens and only from the source. Eat to Live Jenna Fuhrman, Dr. Fuhrman Our health is our most precious gift and smart nutrition can change your life. Each month, join Dr. Fuhrman and his daughter, Jenna Fuhrman as they discuss important topics in the world of nutrition. Eat to Live will change the way you eat and think about food. French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world?

Frequently Asked Questions

How long is this episode of Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News?

This episode is 35 minutes long.

When was this Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News episode published?

This episode was published on June 21, 2026.

What is this episode about?

This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.In this Ship It: Conversations episode, I talk with Joel DeStefano from Guardsquare about mobile app security, why it is different from backend and cloud...

Can I download this Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!