During these audits, the APK is decompiled so that a static analysis can be performed. A dynamic analysis is also carried out to verify that the security mechanisms specific to Android work as intended.
The first part of the Synetis methodology is a complete static analysis. Its main goal is to disassemble the application in order to reveal security weaknesses in the implementation at the source-code level, as well as secrets and sensitive information directly accessible in the configuration files.
The second part of the audit is a dynamic analysis, which tests how the application behaves when it is used by an attacker, for example under injection attempts that target vulnerabilities such as SQL Injection, Cross-Site Scripting and many others.
Alongside these tests, vulnerability searches are also carried out on the backend servers that communicate with the application via APIs and other means.