Superlative security research is still coming out of the IOActive game-changing environment (this has been going on for years now - how do they do it...).
Case in Point: The work of Alejandro Hernandez and his current project targeting the apparent insecurity of some (but not all, mind you) stock trading applications so popular amongst the budding young (and old - don't forget the greybeards) kings and queens of capitalism.
In the case under scrutiny, a highly detailed - most importantly: thoroughly accurate - examination of a large number of commercially available applications executing their binary bits on a variety of platforms. Read all about it on Mr. Hernandez's blog post at Iocactive, and white paper. You'll be glad you did.
via Martin Brinkmann, writing at Ghacks, tells us of the shameful track record of Google Inc. aka Alphabet Inc. (Nasdaq: GOOG) in policing the company's own browser (Google Chrome) add-on store; based on this report from Radware.. Not too mention the astonishing numbers of malicous apps in the company's Google Play Android shop. Read it an Weep.