What does a developer advocate do?

What does a developer advocate do for a living? I mean, what is it that you are paid to do? I’ve seen your description below but it doesn’t tell me much. Could you elaborate?

There are some people who believe Android devices are remotely pwned by default and Google and the OEM vendor can take a peek at any moment they want. So not sure what security could even exist on such phones?

3 Likes

To do this:

I thought it was clear, but I will try to rephrase:

  • I code in many programming languages as needed to create Approov QuickStart integrations,
  • I code as many demos as needed in any programming language.
  • I create blog posts about quickstarts, demos and educational content about Mobile API Security.
  • Sometimes I also give technical support for clients integrating Approov.
  • I present Approov demos on scheduled live calls.

This is not only for a Developer Advocate; it may be for a mobile SDK developer, for a DevOps, for quality assurance (testing like a hacker), for technical marketing, technical writer, etc.

I was hired just because the recruiter sent my CV for a DevOps position, that I told the recruiter I was not a good fit for, but they liked my CV and created the Developer Advocate role to get me in :wink:

So basically the company is always interested in people with good skills in mobile and API security.

Do you have any links?

I know this type of conspiracy theory for computers and TVs, but I think it is the first time I have seen a mention of mobile phones… Anyway, I am not surprised that these beliefs exist for any kind of device connected to the internet; after all, even the 3G and 4G cell towers have such buggy software, with insecure protocols from the 70’s, that I am not surprised that state actors or even private ones can do a lot of snooping through them.

Some links about how the mobile infrastructure is flawed by design, especially due to the SS7 hack:

Are you thinking that we are trying to do something like RASP?

Runtime application self-protection (RASP) is a security technology that uses runtime instrumentation to detect and block computer attacks by taking advantage of information from inside the running software.

RASP technology is said to improve the security of software by monitoring its inputs, and blocking those that could allow attacks, while protecting the runtime environment from unwanted changes and tampering.

We are more about Mobile API Security in terms of locking down the mobile app to the API server in a way that the API server will have a high degree of confidence that the request comes from a genuine and untampered version of the mobile app uploaded to the Google Play Store or Apple Play Store.

Some are saying that Android security may be better than the iOS one:

https://onezero.medium.com/is-android-getting-safer-than-ios-4a2ca6f359d3

2 Likes

Oh, I am not claiming anything about iOS vs. Android, just what I heard from people who were very much into electronics. No, I don’t have links, and I agree that conspiracy theories are normal. I am not saying that I believe them – but there would be a strong vested interest if all mobile devices’ security can be remotely compromised at any time by governments, don’t you think? Basically, the “follow the money and power” thing. :slight_smile:

I am not a conspiracy theorist, but in the rush to have working technology people do take shortcuts, and this has been acutely visible in the last several years – literally every week there is news about personal data leaks of hundreds of millions of people whose details are now on the net.


Thanks for your clarifications. From them I gather you are a programmer who also does demos and advocates for certain practices – now I understand the title better. :slight_smile:

3 Likes

I don’t believe that mobile devices, computers or any other type of device can all be remotely compromised by design at any time by the government, but the reality is that software is more buggy than anyone may think, and this is true all the way down into the firmware and backbone infrastructure of the internet. Some believe that some of these bugs are left there intentionally in order to be exploited by those who know they exist, like the manufacturer, the government and ??? So they are not an explicit backdoor, because normally you need to chain them together to compromise a device.

So all the attackers need to do is to find exploits, especially zero-day exploits, and chain them together in very clever and imaginative ways in order to compromise, remotely or not, the security of a device, and this is happening all the time in computers, routers, mobile phones, TVs, IoT devices, cameras, medical devices, you name it :wink:

A virus/trojan that survives resets of your computer and reinstalls of the operating system has been in the wild for a lot of years. To get rid of it you need to buy a new disk.

Also in the wild is a virus/trojan for your home router that lets the command and control server switch off from the internet all the home users that have their router compromised by it. This is an effective way to shut off regions of a country, or even an entire country, from accessing the internet (when the % of compromised routers is huge). To fix it you need to replace the router, because a factory reset will not fix it.

Do you want me to continue?

3 Likes

To be honest, the scope changes with companies. In some companies you spend more time at conferences and meetups, and preparing for them, than doing anything else.

3 Likes

Yes, please.

3 Likes