Mobile application security audit

The project goal was to assess the security level of the customer's iOS and Android mobile applications against current best-practice security standards and recommendations. The OWASP Mobile Application Security Verification Standard (MASVS) was used as the baseline, together with the OWASP Mobile Security Testing Guide (MSTG). The first stage of the audit was an interview with the developers to identify issues in the SDLC and in the application code. The second stage consisted of source code analysis and reproduction of the vulnerabilities found, with the aid of the Frida dynamic instrumentation framework, the jdb and gdb debuggers for Android, and the lldb debugger for iOS.


As a result, the customer received a detailed report containing a checklist of MASVS requirements with their verification results (OK, Found, N/A) and detailed recommendations on how to fix the findings in order to become MASVS compliant. Some of the identified vulnerabilities included:

  • Unsafe use of WebView components, which allowed Universal XSS
  • Logging of sensitive data (including API keys and credentials) to the system log
  • Lack of encryption of stored data
  • Broadcast theft in the Android application, which allowed interception of sensitive data
  • Unsafe URL handler in the iOS application, which allowed the application to be crashed (denial of service)
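As an added illustration (not code from the audited applications or from the audit report), the two Android findings above in vulnerable and hardened form, in Java. The class, method, action and host names are hypothetical, and the hardened WebView client assumes Android API level 24 or later for the `WebResourceRequest` overload:

```java
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.webkit.WebResourceRequest;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Hypothetical helper class written for this example; not from the audited apps.
public final class AndroidFindings {

    // --- Finding: unsafe WebView use (Universal XSS) ---------------------------

    // VULNERABLE: file:// content may read any origin, and the URL comes straight
    // from an Intent extra, so any app on the device can point the WebView at
    // attacker content that runs with access to the app's files and cookies.
    public static void loadUntrustedUrlVulnerable(WebView wv, Intent incoming) {
        WebSettings s = wv.getSettings();
        s.setJavaScriptEnabled(true);
        s.setAllowFileAccess(true);
        s.setAllowFileAccessFromFileURLs(true);       // deprecated and dangerous
        s.setAllowUniversalAccessFromFileURLs(true);  // breaks same-origin for file://
        wv.loadUrl(incoming.getStringExtra("url"));   // attacker-controlled
    }

    // Hypothetical allowlist of hosts the WebView is permitted to load.
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<>(Arrays.asList("app.example.com"));

    static boolean isAllowed(Uri u) {
        return u != null
                && "https".equals(u.getScheme())
                && u.getHost() != null
                && ALLOWED_HOSTS.contains(u.getHost());
    }

    // HARDENED: disable file/content access, validate the URL against an https
    // allowlist before loading, and keep later navigations inside the allowlist.
    public static boolean loadTrustedUrlHardened(WebView wv, Intent incoming) {
        WebSettings s = wv.getSettings();
        s.setJavaScriptEnabled(true);                 // only if the app really needs it
        s.setAllowFileAccess(false);
        s.setAllowContentAccess(false);
        s.setAllowFileAccessFromFileURLs(false);
        s.setAllowUniversalAccessFromFileURLs(false);
        wv.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest req) {
                // Returning true blocks the navigation.
                return !isAllowed(req.getUrl());
            }
        });
        String raw = incoming.getStringExtra("url");
        Uri target = raw == null ? null : Uri.parse(raw);
        if (!isAllowed(target)) {
            return false;                             // refuse, do not load
        }
        wv.loadUrl(target.toString());
        return true;
    }

    // --- Finding: broadcast theft -------------------------------------------

    // VULNERABLE: an implicit broadcast carrying a secret is delivered to every
    // app whose receiver registers for the action, so any installed app can
    // read the token.
    public static void announceTokenVulnerable(Context ctx, String token) {
        Intent i = new Intent("com.example.app.TOKEN_READY");  // hypothetical action
        i.putExtra("token", token);
        ctx.sendBroadcast(i);
    }

    // HARDENED: restrict delivery to this package so no other app can receive
    // it. Additionally mark the receiver android:exported="false" in the
    // manifest, or protect it with a signature-level permission.
    public static void announceTokenHardened(Context ctx, String token) {
        Intent i = new Intent("com.example.app.TOKEN_READY");
        i.setPackage(ctx.getPackageName());
        i.putExtra("token", token);
        ctx.sendBroadcast(i);
    }
}
```

Exported components are the entry point for both findings: if the Activity hosting the WebView is not meant to be launched by other apps, set `android:exported="false"` on it as well, so the Intent extra cannot be supplied from outside the app in the first place.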