Zimperium - Experts & Thought Leaders

Latest Zimperium news & announcements

Zimperium expands with new CFO Alistaire Davidson

Zimperium, the world's pioneer in mobile security, announced that Alistaire Davidson has joined the company as Chief Financial Officer, reporting directly to CEO Shridhar Mittal. Alistaire brings more than 20 years of finance leadership experience across private equity–backed and public software companies. Alistaire most recently served as Regional CFO, Americas at The Access Group, where he led the post-acquisition integration of two strategic business units. Prior to The Access Group, he held progressive finance leadership roles at AVEVA, supporting the company’s SaaS transition across the Americas and driving a global services transformation that delivered significant margin improvements.

Zimperium’s continued expansion

“Alistaire’s deep financial expertise and proven ability to scale global software organisations make him a strong addition to our leadership team,” said Shridhar Mittal, CEO of Zimperium. “As demand for mobile security continues to accelerate worldwide, his leadership will be instrumental in guiding Zimperium through our next phase of growth.”

As CFO, Alistaire will oversee financial strategy, planning, operations, and performance management to support Zimperium’s continued expansion across global markets.

Zimperium's findings on Android app security risks

Zimperium, the global pioneer in mobile security, revealed findings from its zLabs team showing that thousands of popular Android applications — including top travel, airline, and weather apps — are still using an outdated mapping component that could put users and enterprises at risk. The investigation, titled “Follow the Map to Enterprise Risk: What’s Inside Popular Android Apps,” found that a legacy library known as libmapbox-gl.so, once part of Mapbox GL Native, remains embedded in thousands of active apps despite being deprecated in 2023. The outdated library includes older code versions containing known security flaws — issues that could be exploited to compromise devices, steal data, or disrupt app functionality.

Strengthening app ecosystem security

Zimperium continues to work closely with Google through the App Defence Alliance (ADA) to strengthen app ecosystem security. While there is currently no evidence of active exploitation, developers using the archived Mapbox GL Native SDK are strongly encouraged to migrate to Mapbox Maps SDK v10+ or MapLibre to maintain app security and integrity.

“These vulnerabilities transform everyday apps into potential attack vectors,” said Nico Chiaraviglio, Chief Scientist at Zimperium, adding: “When trusted applications ship with outdated components, it creates blind spots that can expose both users and enterprises. Our mission is to help organisations gain visibility into these hidden risks — so they can protect the mobile apps and devices that power their business.”

Zimperium’s analysis revealed:

- Thousands of Android apps still contain the vulnerable library.
- 40% of affected apps rank among the top 20 in their Play Store categories.
- Many are installed on employee devices, posing serious BYOD and enterprise exposure.

Mobile threats spike: Zimperium's holiday season report

Zimperium, the global pioneer in mobile security, released new research from its zLabs team revealing a sharp rise in mobile threats tied to the holiday shopping season. The Mobile Shopping Report: From Carts to Credentials highlights how cybercriminals are exploiting the seasonal surge in e-commerce and mobile app activity to target both consumers and enterprises. According to zLabs’ analysis, mishing (mobile phishing) remains the most widespread and effective mobile attack vector. Smishing messages and fake delivery alerts impersonating trusted retail and logistics brands surged up to 4x during the 2024 holiday shopping period, with attackers using urgency-driven messages like “Your package is delayed, click here” to trick users into revealing credentials or downloading malicious apps.

Expanding malware families

The report also finds that malware families are expanding beyond banks to target shopping and payment apps, using overlays and accessibility permissions to steal credit card data, intercept one-time passwords (OTPs), and compromise digital wallets. Meanwhile, legitimate retail apps continue to expose users and enterprises through misconfigured SDKs, hardcoded private keys, and vulnerable third-party libraries. These are all weaknesses that can be exploited for data theft or remote code execution.

“These findings confirm what we’ve been tracking throughout the year: attackers are taking full advantage of the mobile commerce boom,” said Kern Smith, SVP of Global Solutions Engineering at Zimperium. “What begins as a fake shipping alert or counterfeit shopping app can quickly evolve into a corporate breach when employees shop or click from work-connected devices.”

Consumer and enterprise risk

The zLabs team also warns that the holiday season now blurs the boundary between consumer and enterprise risk. Employees who use BYOD or corporate-enabled devices to shop, track packages, or manage payments introduce new pathways for credential theft and brand impersonation scams.

“As mobile and enterprise ecosystems converge, security teams must treat the holiday season as a critical risk window, not just for consumers, but for the business itself,” said Ignacio Monta, SVP, Strategy & Threat Intelligence at Zimperium.