Wrocław Centre for
Networking and Supercomputing

Mobile Application Security Audit

Mobile applications that handle sensitive data, including financial data or data with a high degree of privacy, should undergo security verification. These applications are an implementation of the client-server communication model. The vulnerability of such systems to attack is lower than for server applications, which are usually exposed to wide network access and have a large attack surface.

The threat to a mobile application can come primarily from another installed application. The application market is huge nowadays (e.g. over 3 million programs for the Android platform). The large selection, attractive features, and cursory, automatic code verification by platform owners of the applications offered for download make mobile device infections common. Moreover, a poorly secured application on a phone or tablet can also make it vulnerable to attacks such as Man-in-the-Middle.

The service includes security analysis of applications for the Android and iOS platforms. The analysis can be performed as a BlackBox, without providing source code, or as a WhiteBox, when source code is made available. BlackBox analysis will include interaction with the application under test from the perspective of another application on the same operating system with different privilege levels. The service will test all inter-process communication channels available on a given platform, and check the security of the application's file data repository. The service will also include actions to intercept network traffic.

The service will end with a report stating the security level of the mobile application along with an action plan to remove any identified vulnerabilities.

Implementing the service requires limited organizational and technical actions to accommodate the project. The delivery risk is related to the changing technical and legal conditions in the IT area (medium level). Counteracting and mitigating actions will include monitoring of changes and development of experts' competences in the desired directions.

Service provided by the CyberSec project.

Do you have questions or do you need detailed information? Email us with questions.