The objective is to verify:

During these audits, the APK is decompiled in order to perform a static analysis. In addition, a dynamic analysis is performed in order to verify the proper functioning of security mechanisms specific to Android.

The first part of the Synetis methodology is a complete static analysis. Its main aim is to disassemble the application in order to discover implementation security weaknesses in the application's source code, as well as secrets and sensitive information directly accessible in the configuration files.

The second part of the audit is a dynamic analysis whose goal is to test the behavior of the application when it is used by an attacker, for example through injection attempts that try to exploit vulnerabilities such as SQL Injection, Cross-Site Scripting and other types.

According to the guide published by the Open Web Application Security Project (OWASP), audits of mobile applications in general aim to verify the security of the following points:

This guide is based on the MASVS (Mobile Appsec Verification Standard) and a checklist used to define the security level of a mobile application. The security level is defined according to the following levels:

Since level R can be combined with the others, there are actually four levels, which are the combinations of levels L1 and L2 with and without level R (L1, L1+R, L2, L2+R).

In concrete terms, the first level, L1, corresponds to the standard security that an application should have, while the second level, L2, corresponds more to applications that deal with very sensitive data and require a risk analysis.

