We assess the security posture of smartphone applications through penetration testing and code reviews.
An easily overlooked security pitfall in applications in general, smartphone applications included, is attempting to hide logic, secrets and other internals on the client through obfuscation, encryption or in-memory storage. Even when best current practices for smartphone apps are followed - such as using system-level key vaults, SSL/TLS certificate pinning and root detection - a somewhat skilled user can circumvent them to perform network man-in-the-middle attacks, reverse engineering and further dynamic analysis.
When conducting mobile application penetration tests, we decompile the app for static analysis and instrument it for dynamic analysis. With the knowledge this provides, we reverse engineer and inspect the inner workings of the application to find and exploit vulnerabilities.
We assess the security of both iOS and Android apps, found on many different types of devices such as smartphones, smart watches, TVs and vehicles.