Mobile Application Penetration Testing

Access the security of any mobile application

Mobile applications are a convenient way for your users to access information, but it can also be a way for attackers to access theirs.

We’ll find any vulnerabilities that attackers could use to bypass security measures, putting your users’ information and privacy at risk.

Benefits of a mobile application penetration test

  • Find sensitive information mobile devices
    The device is assessed to ascertain whether suitable security measures have been taken to protect sensitive information in the event that devices with the application have been stolen/entered the wrong hands.
  • Assess API security
    We will identify any unauthorized access to data using APIs that the mobile device uses and whether suitable protection has been applied for secure communications between the device and the service.
  • Discover sensitive information in-app diagnostics log data
    Crash reporting and app diagnostics services will be analyzed to identify personal and sensitive data that could have been included in diagnostics data, which could violate GDPR and other data protection regulations.
  • Ensure correct app permissions
    Device components that the app is using will be examined to determine the suitability to access these, such as camera, microphone, clipboard.

Our approach to mobile application penetration testing

Our specialist penetration testers use a combination of automated and manual testing to assess iOS and Android applications. The OWASP Mobile Security Guide and eWPT methodologies are used together with our own proprietary methodology and checks. These grow to include concerns about privacy.

Included in mobile security testing is:

  • OWASP Mobile Top Ten checked
  • Authentication and session implementation
  • Static analysis of the application binary
  • Jailbreak detection
  • Broken access control
  • SSL pinning countermeasure
  • Testing the APIs for injection

Frequently asked questions.

If you have any further questions, Get in touch with our friendly team or visit our general FAQ's here
Do you test iOS and Android applications?

Yes. Our penetration testing labs are set up for Apple (iOS) and Android environments, so we can test applications on both platforms.

Do you test the user sign up process?

We will test a self-registration process and the account verification process to give you and your customers confidence in your security/keep you and your customers assured.

Is the application reverse engineered?

We will reverse engineer the application where we can look for evidence regarding how the application has been developed and also for hardcoded sensitive information, such as API keys and credentials.

Book with Informer today.

Book Now