Service 05, included in your subscription
Mobile app penetration testing
We assess the mobile client, runtime behaviour and back-end traffic together, because real mobile risk sits between the app binary and the APIs it trusts.
What we test
Local storage
Keychain, SharedPreferences, SQLite, files and sensitive cache handling.
Transport security
TLS validation, certificate pinning, interception and downgrade paths.
Platform APIs
Permissions, intents, deep links, IPC and unsafe platform usage.
Reverse engineering
Hardcoded secrets, code tampering and binary protection assumptions.
Runtime behaviour
Dynamic testing with instrumented devices and controlled network capture.
Back-end APIs
Authorisation and data exposure in the services the app depends on.
What you get
A report your auditor and your engineers both understand
Executive summary, per-finding reproduction steps, severity-rated remediation guidance and retesting included once you have fixed the issue.
Book a call