Penetration Testing

Mobile Application Testing

Mobile applications often handle sensitive user data and require robust security measures. Our mobile application penetration tests help to identify vulnerabilities in both iOS and Android applications, ensuring your users' data remains protected.

Our Engagement Process

T-14 days

Scoping

Our mobile app testing scope is defined through detailed consultation to understand your application’s architecture, features, and security requirements.

We’ll determine which platforms (iOS/Android) need testing and identify specific areas of concern, such as data storage, API endpoints, and inter-process communication.

T-7 days

Get Ready for Testing

Prior to testing, we ensure all necessary access is prepared. This includes access to the latest application builds (e.g. via TestFlight), test accounts with various privilege levels, and any backend API documentation.

For more thorough testing, we may request access to development builds that enable additional debugging capabilities.

Start of Testing

Our consultants begin their assessment, examining both client-side and server-side components of your mobile application.

Any critical security findings that could put your users at immediate risk are reported as soon as they’re discovered.

T+14 days

Report Delivery and Debrief

We deliver a detailed report outlining all discovered vulnerabilities, their potential impact, and specific recommendations for remediation.

During our debrief session, we walk through the findings, explain their technical details, and provide practical guidance for implementing security fixes.

Why Mobile Application Testing?

Protect User Data

Mobile apps often store sensitive user information directly on devices. Our testing ensures this data is properly protected through encryption, secure storage locations, and appropriate access controls.

Secure Communication

With mobile apps frequently communicating with backend services, ensuring secure data transmission is crucial. We verify that all client-server communication is properly encrypted and protected against interception.

Platform Compliance

Both iOS and Android platforms have specific security requirements and best practices. Our testing helps ensure your app adheres to platform-specific security guidelines and app store requirements.

Brand Protection

Security incidents in mobile apps can severely damage user trust and brand reputation. Regular security testing helps prevent such incidents and demonstrates your commitment to protecting user privacy.

Our Mobile Application Testing Methodology

Mobile application penetration testing evaluates the security of iOS and Android applications to identify vulnerabilities that could result in risk to our clients or their end users. The assessment considers both server-side and client-side security risks.

Key Testing Areas

Server-Side Security

Our server-side assessment focuses on evaluating traditional web application vulnerability classes specifically in the context of mobile API endpoints, including:

  • Authentication mechanisms
  • Authorisation controls
  • Injection vulnerabilities
  • Business logic vulnerabilities

Client-Side Security

Our client-side assessment examines the security of the mobile application itself:

  • Data storage analysis to validate sensitive data is stored in properly protected locations
  • Verification that sensitive information is not leaked to publicly accessible locations
  • Validation of encryption for data in transit
  • Assessment of inter-process communication mechanisms (when applicable)

Testing Standards

Our mobile application testing methodology aligns with industry-leading standards including:

  • OWASP Mobile Security Testing Guide (MSTG)
  • OWASP Mobile Application Security Verification Standard (MASVS)
  • OWASP Mobile Top 10

Our comprehensive approach ensures that both platform-specific and general mobile application security concerns are thoroughly evaluated using a combination of manual testing techniques and specialized mobile security tools.

Ready for a Pentest Quote?

Simply fill out and submit the form, and we'll provide you with a quote within hours - unless you fill it in at 3am!

Contact Us:

Privacy Policy (November 2023)

This policy outlines how we collect, use, and safeguard your personal information.

Information We Collect & How We Use It

  • Contact Form: When you use our contact form, we collect your name, email, and phone number. This is used to respond to your inquiries.
  • Microsoft Clarity, Google & Bing Analytics: We use Microsoft Clarity together with Google & Bing Analytics to collect data such as your page views and visitor behaviour on our site. This helps us understand how our website is used so that we can improve it.

We do not share your personal data with any third parties, except as necessary for Microsoft Clarity, Google & Bing Analytics analysis; see their privacy policies for more information.

Data Security

Because this is a 100% static site, contact form information is sent via formspree.io to a shared mailbox in Office 365. Access to this mailbox is restricted to specific individuals within our company to ensure the security of your information.

formspree.io archives a copy of each form submission, which is retained for 30 days. If you prefer to contact us directly, you can email us at [email protected] for the same purpose.

Your Rights

You have the right to access, amend, or request the deletion of your personal data. If you have any privacy-related concerns, questions, or requests regarding your personal information, please contact us at [email protected].

Changes to Privacy Policy

Our privacy policy may be updated periodically. Any changes will be posted here and communicated to individuals who have previously submitted forms.

Jurisdiction

This privacy policy adheres to the Australian Privacy Principles.