
Mobile App Penetration Test

Organisations from banks to bed and breakfasts are now providing mobile apps for their customers on a variety of devices and operating systems. Mobile apps are just as vulnerable to attack as web applications. Dionach offer specialist mobile app penetration testing to address the vulnerabilities specific to mobile apps.

Mobile apps can be considered as two separate parts: the mobile app itself on the devices, and the web services that the mobile app communicates with. Dionach will carry out an effective penetration test by looking extensively at both of these elements.

The penetration test as a whole will follow a general penetration test process: information gathering, scanning and probing, vulnerability assessment, exploitation, and reporting. The mobile app itself will be checked for:

  • Input validation vulnerabilities
  • Sensitive data in the app binary or code
  • Sensitive data in memory and local storage
  • Local communication issues such as Bluetooth or NFC
  • Residual sensitive data on removal
  • Platform-specific logging vulnerabilities
  • Issues around jailbroken devices

The platforms included in the penetration test could be iOS IPA files on the iPhone or iPad, Java APKs on Android devices, XAP files for Windows Phone, other mobile platforms, or several of these platforms.

The penetration test on the web services that the mobile app communicates with is more like a standard web application penetration test, with consideration of the OWASP Top Ten, business logic flaws, information disclosure, and web server infrastructure vulnerabilities.

The final deliverable is a comprehensive report with an executive summary and a list of technical vulnerabilities, prioritised by risk. The vulnerabilities will have recommendations for remediation.

Dionach will:

  • Work to deliver the penetration test in your timescales
  • Understand the purpose and context of the mobile app for an effective mobile app penetration test
  • Have consultants available after the test is complete for any follow-up questions

Contact Dionach now with a link to your mobile app for a quote for a mobile app penetration test.