Mobile application audit

Android mobile app analysis!



Synetis offers analysis of Android mobile applications. The objective is to verify:

During these audits, the APK is decompiled in order to perform a static analysis. In addition, a dynamic analysis is performed to verify that the security mechanisms specific to Android function properly.

The first part of the Synetis methodology consists of a complete static analysis, whose main goal is to disassemble the application in order to discover security weaknesses in the implementation at the source-code level, as well as secrets and sensitive information directly accessible in the configuration files.

The second part of the audit consists of a dynamic analysis, whose goal is to test how the application behaves when used by an attacker, for example through injection attempts to exploit vulnerabilities such as SQL Injection, Cross-Site Scripting and many others.

According to the guide published by OWASP (Open Web Application Security Project), mobile application audits in general aim to verify the security of the following points:

This guide is based on the MASVS (Mobile Appsec Verification Standard) and a checklist for defining the security level of a mobile application. This is defined according to the following levels:

Since level R can be combined with the others, there are actually four levels, which are combinations of levels L1 and L2 with and without level R (L1, L1+R, L2, L2+R).

In concrete terms, the first level L1 corresponds to the standard security that an application should have, while the second level L2 corresponds more to applications handling highly sensitive data and requiring the implementation of a risk analysis.
