
Mobile Security

Do not let the vulnerabilities of your apps threaten the security of your users: rely on us to protect them.

Mobile Security Service
private void invokePlugins() {
  for (PackageInfo info : getPackageManager()
                          .getInstalledPackages(0)) {
    String packageName = info.packageName;
    Bundle meta = info.applicationInfo.metaData;
    // The only checks are a package-name prefix and a metadata value
    if (packageName.startsWith("example.plugin.") &&
        meta.getInt("version", -1) >= 10) {
      try {
        // 3 = CONTEXT_INCLUDE_CODE | CONTEXT_IGNORE_SECURITY
        createPackageContext(packageName, 3)
          .getClassLoader()
          .loadClass("example.plugin.Loader")
          .getMethod("loadMetadata", Context.class)
          .invoke(null, this);
      } catch (Exception e) {
        throw new RuntimeException(e);
      }
      // ...
    }
  }
}

We detect and report the vulnerability in your app

Our Mobile Security service helps identify the vulnerabilities in your mobile application (Android and iOS). We replicate different attack scenarios to locate the weaknesses in your app and, if applicable, in the queried APIs.

We bypass your protections
We identify and bypass any security mechanisms in your application (e.g. SSL pinning, anti-rooting, anti-tampering, anti-debugging).
Static analysis
We trace back to the source code of your application to analyze it comprehensively and find as many vulnerabilities as possible.
Dynamic analysis
We analyze the interactions between your application and any external services to detect any issues related to data usage.
Data protection
We check how your application handles the data it processes, to help you secure it against malicious apps.

We follow the main industry standards

The Mobile Security service is delivered by our team of cybersecurity experts, strictly in compliance with the main industry standards and guidelines, including:

OSSTMM (Open Source Security Testing Methodology Manual)
NIST Cybersecurity Framework
OWASP MASVS (Mobile Application Security Verification Standard)
OWASP MASTG (Mobile Application Security Testing Guide)
OWASP Mobile Top 10
OWASP MASVS and MASTG standards for Mobile Security
Data protection
We pay close attention to data security in terms of confidentiality, integrity and availability.
Calculation of the impacts
The impact of each uncovered vulnerability is calculated based on the CVSSv3.1 standard.
Collaborative testing platform

We perform our tests in a collaborative way

All the ethical hackers involved in a project share their results in real time on our exclusive, controlled-access online platform. An easy solution that grants many benefits.

Maximum coverage
The cooperation among our ethical hackers maximizes the test coverage to prevent spending time on what has already been tested.
Quality, always
Project leaders can check at any time that the testing process meets the quality standards set by Unlock Security.
99% testing, 1% reporting
Automating report generation allows our testers to make full use of the time at their disposal for testing.

What we secure

Android apps
Native applications built with Java or Kotlin
iOS apps
Native applications built with Objective-C or Swift
Hybrid apps
Apps built with frameworks such as React Native or Flutter
HTML apps
Mobile apps built with web technologies

Our offer

Here is everything we offer you with the Mobile Security service.

Qualified Ethical Hackers, certified for vulnerability research

Professional Penetration Tester
This is an Ethical Hacking and Penetration Testing certificate concerning the attack techniques against networks, operating systems and applications.
Mobile Application Penetration Tester
This certificate is given to cybersecurity experts that possess advanced knowledge of mobile application security.
Web Application Penetration Tester
This certificate assesses the skills of cybersecurity professionals with regard to web application penetration testing.
Continuing education
Unlock Security invests in the continuing education of its team to ensure constant training on the main subjects of cybersecurity.

We pay close attention to detail to deliver a comprehensive and effective report

Executive report
Summary of the results that provides high-level details about the vulnerabilities, in order to give an overview of the target's security situation.
Suggestions for patching
Suggestions for your developers about the patches that can be applied to solve the reported issues.
Technical detail
Details about the detected vulnerabilities and their impact on the target system. This section helps developers understand the reported issues and their impact.
Multilingual report
The whole report can be issued in either Italian or English.

We support your developers throughout the whole vulnerability patching process.

  1. Presentation. We schedule a meeting to present and detail the security report in its entirety.

  2. Validation. We evaluate and validate the plan proposed by your developers to avoid errors during the patching process and optimize the remediation time.

  3. Implementation. Your developers carry out the strategy defined in the validation stage and apply the patches.

  4. Review. We replicate the attacks to make sure that the patching plan was implemented correctly.

We offer security services that meet the needs of your business.

Source code analysis
Further to our standard security assessment, we can provide a more in-depth analysis based on the source code.
Real-time access to the results
We designed an ad hoc solution to provide real-time access to the results obtained during our security tests.
Continuous testing
We offer the possibility to carry out security tests on an ongoing basis, to ensure long-lasting protection.
Special requests?
We are fully open to considering any new proposals to customize our services according to your needs.

FAQ

In this section, we answer some of the most frequently asked questions.

The main risks that we can identify are related to mobile app vulnerabilities. These vulnerabilities can be exploited by cybercriminals and malicious apps to cause various kinds of damage, such as:

  • Stealing sensitive information such as users' passwords and personal data.
  • Analyzing the app source code to leak any confidential information.
  • Infecting the app with malware to steal data or compromise the security of its users.

Our Mobile Security service helps you protect your mobile apps from these risks by detecting and fixing the vulnerabilities before they can be exploited by cybercriminals. This way, you prevent your app from being attacked and avoid security risks for your users.

For your app to undergo our Mobile Security service, you should make sure that:

  • You can provide us with the APK file (for Android) or IPA file (for iOS) to install the app on our devices.
  • If the app is using any APIs, they must be made accessible via the Internet or through a private network.
  • You can provide credentials to analyze the functionalities that require login, if applicable.

In terms of mobile application security, our service offers several advantages compared to automated scanning. In particular, our Mobile Security service simulates a cyberattack to identify any weaknesses and vulnerabilities.

Besides, our service provides a more accurate security assessment compared to any automated scan, since it is based on the simulation of real cyberattacks, similar to those that would be carried out by real hackers. Moreover, our service offers an evaluation of the consequences and the impacts of cyberattacks on your business, helping you define your priorities and the security measures that you should adopt.

Finally, our Mobile Security service can be customized based on the specific needs of your business, providing a more accurate and precise assessment of its security situation.

The OWASP Mobile Application Security Verification Standard (MASVS) is a standard for the assessment of mobile app security developed by the Open Web Application Security Project (OWASP) and used by Unlock Security as a guideline. The MASVS provides a set of security requirements for mobile applications and defines the criteria that the apps should meet in order to be considered secure.

The MASVS was outlined to help mobile app developers guarantee the security of their applications and protect the sensitive data of their users. The MASVS is based on the OWASP Mobile Security Testing Guide (MSTG), which provides detailed guidance on security testing for mobile applications.

The MASVS is divided into 2 levels: level 1, defining generic security requirements for mobile applications, and level 2, which defines advanced security requirements for the mobile applications that handle sensitive data, or are exposed to a higher level of risk.

The MASVS represents a very useful tool also for the mobile app developers that want to ensure the security of their applications and protect the sensitive data of their users. However, it is important to bear in mind that the security of mobile apps also depends on the way in which they are used, and on the security measures adopted by their final users.

The OWASP Mobile Application Security Testing Guide (MASTG) is a detailed guide to mobile app security testing developed by the Open Web Application Security Project (OWASP). The MASTG provides a set of techniques and methodologies for mobile app security testing along with a list of common vulnerabilities and instructions on how to detect and fix them.

Referring to the OWASP MASTG for mobile security testing is important because:

  1. It provides a comprehensive set of techniques and methodologies for mobile app security testing. The MASTG is a detailed guide to mobile app security testing, including all the necessary techniques and methodologies to verify the app security.

  2. It defines the security standards for mobile applications. The MASTG also includes a list of common vulnerabilities and defines the security standards that mobile applications should meet to be considered secure.

  3. It helps identify and fix the vulnerabilities. The MASTG provides a detailed description of how to detect and fix the vulnerabilities present in mobile applications, which helps developers guarantee the security of their applications.

In summary, referring to the OWASP MASTG for mobile security testing is important because it provides a comprehensive set of techniques and methodologies for mobile app security testing, it defines the security standards for mobile applications and helps identify and fix the vulnerabilities present in the applications.

If you need support to fix any security vulnerabilities, you can fully rely on Unlock Security for several reasons:

  1. Expertise and competence. Unlock Security is a company with solid experience in the cybersecurity field, and its team is made up of highly qualified experts who are able to give all the necessary support to fix security vulnerabilities.

  2. Advanced methodologies and tools. Unlock Security relies on advanced methodologies and tools to detect and fix security vulnerabilities, ensuring the maximum efficiency and accuracy in the analysis and remediation of any issues.

  3. Custom solutions. Unlock Security provides custom solutions to meet the needs of each client effectively and ensure the best possible protection.

  4. Ongoing support. Unlock Security offers ongoing support to its clients, ensuring prompt feedback and effective assistance in case of issues or questions.

The OWASP Mobile Top 10 is a list of common vulnerabilities that can be found in the applications for mobile devices. Checking this list during a mobile penetration test can help ensure that the apps were tested for the most common and threatening vulnerabilities, which results in protecting the apps and their users' data.

Furthermore, the OWASP Mobile Top 10 is broadly acknowledged as a reference standard for the security of the applications for mobile devices. So, following it ensures that the apps are secure for their users and that they comply with the industry security requirements.