
Mobile Application Security

Invest in building and deploying world-class mobile applications for your organization while we handle your mobile app security. Our team of security experts performs both dynamic and static testing of mobile applications for all platforms and environments.

PROCESS FLOW

Our process flow is smooth and simple:

1. Schedule a Meeting
2. Scope Assessment and Timeline
3. Payment for Services
4. Security Audit
5. Draft Report
6. Retesting
7. Final Audit Report

Mobile Application Security Audit Checklist

S.No. / Audit Category / Audit Category Checklist
1 Data Storage and Privacy
Testing Whether Sensitive Data Is Exposed via IPC Mechanisms
Testing the Device-Access-Security Policy
Testing for Sensitive Information in Auto-Generated Screenshots
Testing Whether Sensitive Data Is Sent To Third Parties
Testing for Sensitive Data Disclosure Through the User Interface
Testing For Sensitive Data in Local Data Storage
Testing For Sensitive Data in Logs
Testing Whether the Keyboard Cache Is Disabled for Text Input Fields
Testing User Education
Testing for Sensitive Data in Backups
Testing for Sensitive Data in Memory
2 Resiliency Against Reverse Engineering
Testing Debugging Defenses
Testing Jailbreak Detection
Testing Root Detection
Testing Device Binding
Testing Simple Emulator Detection
Testing Whether Comprehensive Analysis Is Impeded
Testing Run-Time Integrity Checks
Testing Detection of Reverse Engineering Tools
Testing Obfuscation
Testing File Integrity Checks
Testing Simple Obfuscation
3 Network Communication
Testing Custom Certificate Stores and SSL Pinning
Testing for Unencrypted Sensitive Data on the Network
Verifying that Critical Operations Use Secure Communication Channels
Verifying the TLS Settings
Testing Endpoint Identity Verification
Verifying the Security Provider
4 Code Quality and Build Settings
Testing for Weaknesses in Third Party Libraries
Testing for Debugging Symbols
Testing for Memory Management Bugs
Testing for Debugging Code and Verbose Error Logging
Verifying That the App is Properly Signed
Verifying Usage of Free Security Features
Testing If the App is Debuggable
Testing Error Handling in Security Controls
Testing Exception Handling
5 Cryptography
Verifying the Configuration of Cryptographic Standard Algorithms
Testing Random Number Generation
Verifying Key Management
Testing for Custom Implementations of Cryptography
Testing for Insecure and/or Deprecated Cryptographic Algorithms
6 Platform Interaction
Testing For Sensitive Functionality Exposure Through IPC
Testing Input Validation and Sanitization
Testing WebView Protocol Handlers
Testing App Permissions
Testing Whether Java Objects Are Exposed Through WebViews
Testing for Object (De-)Serialization
Testing Custom URL Schemes
7 Authentication and Session Management
Testing 2-Factor Authentication
Testing the Password Policy
Testing Step-up Authentication
Testing Excessive Login Attempts
Testing Stateless Authentication
Testing the Session Timeout
Verifying that Users Are Properly Authenticated
Testing Session Management
Testing Biometric Authentication
Testing the Logout Functionality
Testing Login Activity and Device Blocking
8 Architecture, Design and Threat Modelling
All app components are identified and known to be needed.
A high-level architecture for the mobile app and all connected remote services has been defined and security has been addressed in that architecture.
Security controls are never enforced only on the client side, but on the respective remote endpoints.
Data considered sensitive in the context of the mobile app is clearly identified.
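The checklist item "Testing for Sensitive Data in Logs" (category 1) is one of the dynamic checks in an audit: the app is exercised while `adb logcat` runs, and the captured output is searched for credentials, tokens, card numbers and personal data that the app should never write to a world-readable log. The script below is an added example of that search and is not code from this page's service or from the OWASP guide the checklist follows. It runs offline over a constructed logcat excerpt embedded in the file (the tags, token and card number are made up; 4111111111111111 is the usual test card number), and it applies a Luhn check so that order numbers and other digit runs are not reported as card numbers.

```python
"""Scan Android logcat output for sensitive data written by an app.

Added example for the "Testing for Sensitive Data in Logs" checklist item.
Usage: pipe `adb logcat -v threadtime` into scan_logcat(), or run this
file to scan the constructed sample below.
"""
import re
from dataclasses import dataclass

# Constructed sample in logcat "threadtime" format; not captured from any real app.
SAMPLE_LOGCAT = """\
05-12 10:01:22.101  4321  4321 D LoginActivity: login ok for user alice@example.com
05-12 10:01:22.140  4321  4367 D HttpClient: --> GET /v1/profile Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
05-12 10:01:23.005  4321  4367 V HttpClient: <-- 200 /v1/profile (312 ms)
05-12 10:01:25.770  4321  4321 I PayFlow: charging card 4111111111111111 exp 12/29
05-12 10:01:26.002  4321  4321 D Prefs: saved password=hunter2 for offline login
05-12 10:01:26.900  4321  4321 W Crypto: api_key=AKIAIOSFODNN7EXAMPLE
05-12 10:01:27.100  4321  4321 I Orders: created order 1234567890123456
05-12 10:01:27.300  4321  4321 D Nav: opened SettingsFragment
"""

# Patterns in priority order. An earlier match claims its span, so a JWT that
# appears as the value of "token=..." is reported once, as a credential.
PATTERNS = [
    ("credential", re.compile(
        r"\b(?:password|passwd|pwd|secret|token|api[_-]?key|bearer)\s*[=:]\s*\S+", re.I)),
    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")),
    ("pan", re.compile(r"\b(?:\d[ -]?){13,19}\b")),
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")),
]

# threadtime format: "MM-DD HH:MM:SS.mmm  PID  TID LEVEL TAG: message"
LOGCAT_LINE = re.compile(
    r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d+\s+\d+\s+\d+\s+([VDIWEF])\s+(.*?):\s(.*)$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    level: str
    tag: str      # the log tag tells you which component wrote the leak
    kind: str
    value: str    # raw matched text; use redact() before putting it in a report


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs (order ids, timestamps) that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(value: str) -> str:
    """Keep just enough of a value to locate it in the log without copying the secret into the report."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "..." + value[-4:]


def scan_logcat(text: str) -> list[Finding]:
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = LOGCAT_LINE.match(line)
        if not m:
            continue  # skips "--------- beginning of main" separators and similar
        level, tag, message = m.groups()
        claimed = []  # spans already reported on this line
        for kind, pattern in PATTERNS:
            for hit in pattern.finditer(message):
                start, end = hit.span()
                if any(start < e and s < end for s, e in claimed):
                    continue
                value = hit.group()
                if kind == "pan":
                    value = re.sub(r"\D", "", value)  # drop spaces/dashes before the checksum
                    if not luhn_ok(value):
                        continue
                claimed.append((start, end))
                findings.append(Finding(line_no, level, tag, kind, value))
    return findings


def report(findings: list[Finding]) -> list[str]:
    return [f"line {f.line_no} [{f.level}/{f.tag}] {f.kind}: {redact(f.value)}" for f in findings]


if __name__ == "__main__":
    for row in report(scan_logcat(SAMPLE_LOGCAT)):
        print(row)
```

On the sample, the scanner reports the e-mail address from `LoginActivity`, the bearer token logged by `HttpClient`, the card number from `PayFlow` and the two key/value credentials, and stays silent on the order number (fails Luhn) and the plain navigation line. In a real audit the tag is the most useful field in each finding, because it points at the class whose logging call needs to be removed or gated on a debug build.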
