MOBILE APP TESTS
iOS and Android, static and dynamic.
Mobile tests at SEKurity follow the OWASP Mobile Application Security Verification Standard (MASVS) and the Testing Guide (MASTG). We combine static reverse engineering of the binaries with dynamic runtime testing on unlocked devices.
01 · STATIC
Binary analysis, secrets, third-party.
We disassemble IPA and APK artifacts, review obfuscation, hard-coded secrets, API keys and signing keys, analyse third-party SDKs for known vulnerabilities and assess the attack surface of exported activities, services, content providers and URL schemes. On iOS we analyse entitlements, app groups and Keychain ACLs.
02 · DYNAMIC
Jailbreak, root, pinning, interception.
On rooted and jailbroken devices we test jailbreak and root detection, bypass certificate pinning with Frida scripts, examine TLS configurations and hook security-relevant methods at runtime. We evaluate local storage in SQLite, preferences, Core Data, Keychain and Android Keystore and check backup and clipboard behaviour.
03 · BACKEND COUPLING
The API counts too.
A mobile app without a backend test is half a job. We test the APIs behind the app with the same rigour as a web test: per-object authorisation, rate limiting, device binding, push token handling and server-side verification of in-app purchases. Jailbreak detection alone protects nothing if the API blindly accepts every request.
READY
Mobile testing by MASVS, not by checklist.
You get a report that development and security can work through together, including reproducible Frida hooks and recommendations for MASVS level L1 or L2.
