What we do
We assess the security of the app’s functionality and of how it interacts with both the mobile device and the remote web services it relies on to retrieve information.
With our deep knowledge and understanding of iOS and Android native mobile app security, we look for security issues associated with data privacy, communications between the app and the web servers, and any vulnerabilities in the actual web services that could lead to unauthorised access to sensitive information.
We test for the most common vulnerabilities found in mobile apps, in line with OWASP’s Mobile risks:
- Sensitive data leaks
- Hard-coded passwords/keys
- Client-side injection
- Lack of binary detection
- Insecure transmission of data
- Insecure data storage
- Poor authentication and authorisation
- Improper session handling