Rhino Security Labs

Mobile App Penetration Testing

Penetration Testing for iOS/Android

Both business and public organizations today are using mobile apps in new and compelling ways, from banking applications to healthcare platforms. Managing security risk is a growing challenge on these platforms, with new vulnerabilities found every day. Is your mobile app safe from attackers?

Rhino Security Labs offers top-tier mobile app penetration testing services, providing a holistic risk assessment of your mobile application. With industry-leading researchers and security engineers in both iPhone and Android, we provide deep-dive testing of local, on-device security issues, back-end web services, and the APIs which connect them.

Deep Support for both iOS and Android Platforms

With deep experience in both iOS and Android penetration testing, we understand the unique security challenges and vulnerabilities with each mobile architecture. This expertise allows us to customize assessments to specific concerns, such as reverse-engineering an iOS app or malware threats to an Android app.

Each mobile security assessment simulates multiple attack vectors and risks, including insecure storage, stolen device risk, mobile malware attacks, and both authenticated and unauthenticated app users. Apps residing on in-house mobile devices? We provide custom scenarios to map enterprise conditions as well.

Static, Dynamic, and Source Code Pentesting

Integrating both static and dynamic analysis, our security experts test each mobile app at rest and during runtime to identify all vulnerabilities. This deep-dive methodology also targets local vulnerabilities, such as insecure storage of credentials, Android backups including sensitive app data, etc.

While our iOS/Android experts can decompile or reverse-engineer the apps themselves, more vulnerabilities can be identified through a full source code review of the application. By reviewing the app source code during the penetration test, even deeply buried vulnerabilities can be identified and mitigated.

Standard and Jailbroken Device Testing

Our mobile security assessments take multiple attack vectors and threats into account, including jailbroken iOS and rooted Android devices. By comparing the vulnerabilities of both options, we can demonstrate the security risk from multiple user types, including dedicated attackers and everyday users.

Both Summary and Technical Detail Reports

Documentation and reporting are key to the success of a mobile app pentest. We incorporate both an executive summary and technical details to meet the needs of both leadership and app developers. Specifically, the penetration testing report is broken down as follows:

  • Summary Risk and App Strengths/Weaknesses
  • Risk-Prioritized Vulnerabilities and Description
  • Vulnerable Code Sections (when Source Code Review is integrated)
  • Attack Walkthrough (including screenshots)
  • Remediation and Defensive Recommendations