Auditing of Android and iOS mobile applications
Mobile applications are used more and more as a complement to web applications. As a result, they are also increasingly targeted by attackers. We can audit your Android and iOS mobile applications using both static and dynamic analysis.
A mobile application audit can be broken down into two phases.
- First, the static analysis audits the security of the application itself. We carry out a reverse engineering phase to understand the application code and study its interactions with the system. The application does not need to be launched or used for this: tools allow us to analyze how it works without having to install it.
- Second, the dynamic analysis lets us exploit the vulnerabilities we identified during the static analysis, and also discover new vulnerabilities. We study the data exchanged with a server, if there is one, and then try to attack that server directly, without going through the application.
The prerequisite for this audit is to have the .apk (Android) or .ipa (iOS) installation file of the application. We can also retrieve the latest version of the application from the corresponding application store if you wish.
Audit of your Android or iOS mobile application
A mobile application often communicates with a server to exchange data. Unlike a web application, which is independent of the browser in which it runs, a mobile application is designed to meet a particular need. The big difference between web penetration testing and mobile application auditing therefore lies in the reverse engineering phase and in the analysis of the mobile application's behavior.