Mobile applications that handle sensitive data, including financial data or data with a high degree of privacy, should undergo security verification. These applications are an implementation of the client-server communication model. The vulnerability of such systems to attack is lower than for server applications, which are usually exposed to wide network access and have a large attack surface.
The threat to a mobile application can come primarily from another installed application. The application market is huge nowadays (e.g. for Android platform, over 3 million programs). Large offer, interesting features, and cursory, automatic code verification by platform owners for their downloads make mobile device infections common. Moreover, a poorly secured application on a phone or tablet can also make it vulnerable to attacks such as the Man-in-The-Middle).
The service includes security analysis of applications for Android and IOS platforms. The analysis can be performed as a BlackBox, without providing source codes, or as a WhiteBox, when source codes are made available. Blackbox analysis will include interaction with the application under test from the perspective of another application of the same operating system with different privilege levels. The service will test all inter-process communication channels available on a given platform, and check the security of the software file data repository. The service will also include actions to intercept network traffic.
The service will end with a report stating the security level of the mobile application along with an action plan to remove any identified vulnerabilities.
Implementing the service requires limited organizational and technical actions to accommodate the project. The delivery risk is related to the changing technical and legal conditions in the IT area (medium level). Counteracting and mitigating actions will include monitoring of changes and development of experts' competences in the desired directions.
Service provided by the CyberSec project.
Do you have questions or do you need detailed information? Email us with questions.