What Do We Offer? MAST Service Scope
We address mobile application security with a three-layer approach: static analysis (binary/source code), dynamic analysis (runtime) and backend API testing.
Static Analysis (SAST)
APK/IPA binary reverse engineering, decompilation, source code analysis. Detection of hardcoded secrets, insecure API keys, weak cryptography and debug flags.
Dynamic Analysis (DAST)
Runtime testing on a real device or emulator: SSL pinning bypass, root/jailbreak detection checks, runtime manipulation and memory dump analysis.
Backend API Testing
Security testing of the backend APIs the mobile application communicates with. Authentication, authorization, rate limiting, injection vulnerabilities.
Data Storage Analysis
Local data storage security: SQLite, SharedPreferences, Keychain/Keystore, file system. Detection of sensitive data stored without encryption.
Cryptography Assessment
Encryption algorithms, key management, random number generation. Detection of weak/deprecated algorithm use, hardcoded keys, IV reuse.
Network Security
TLS/SSL configuration, certificate pinning implementation, cleartext traffic, MITM attack resistance. Network security config analysis.
Android-Specific Tests
- AndroidManifest.xml permission analysis
- Content Provider, Broadcast Receiver, Activity export checks
- WebView security (JavaScript injection, file access)
- Root detection bypass and Frida/Xposed hooking
- ProGuard/R8 obfuscation effectiveness
iOS-Specific Tests
- Info.plist and entitlement analysis
- Keychain data protection class checks
- App Transport Security (ATS) configuration
- Jailbreak detection bypass and Cycript/Frida hooking
- URL scheme hijacking and deep link security