When conducting mobile application penetration tests, we decompile the app for static analysis and instrument it for dynamic analysis. With the knowledge this provides, we reverse engineer and inspect the inner workings of the application to find and exploit vulnerabilities. We assess the security of iOS apps as well as Android apps, found on many different types of devices such as smartphones, smartwatches, TVs, and vehicles.
An easily overlooked security pitfall in applications in general, smartphone applications included, is attempting to hide logic, secrets, and other internals on the client through obfuscation, encryption, or in-memory storage. By following best current practices for smartphone apps, you can significantly enhance the security of your mobile applications, protecting both your users and your business from potential threats.
But even when best practices and principles are followed, such as utilizing system-level key vaults, TLS certificate pinning, and root detection, a somewhat skilled user can circumvent them to perform network man-in-the-middle attacks, reverse engineering, and further dynamic analysis. This is where we are proficient and can help you secure your mobile applications by attacking them in a controlled manner before the bad guys do. Our services can help you verify that you are following best practices and identify any vulnerabilities that may exist in your mobile applications.