x Upload your application now for a free evaluation Start

Security Scanning

Ensure best practices and prevent information leakage

Application Analysis

Our automated technology allows developers and enterprises to upload their APK and receive a report on risks, potential liabilities, and remediation methods.

We apply industry best practices to assess risk of an application. i.e. reverse engineering, data leakage, and compliance.


Security Testing

We evaluate the APK to determine if the internal behavior of the application complies with security regulations. Such internal behavior can lead to information breach, permissions confusion, and injection of sensitive content, virus or advertisements. Our automated process includes:

  • Basic information
  • Permissions tests
  • Behavior tests
  • Sensitive word detection
  • Virus detection
  • Third party SDK detection
  • Advertisement SDK detection

Risk Assessment

We assess the risks of external attacks for the current APK implementation. Such areas of exposure are the most common type of security risks in the APK application environment, where illegal operations such as repackaging, theft of sensitive data and tampering of user data can happen. Our automated process includes:

  • Decompile to Java code
  • Decipher shared objects files
  • Tampering and repackaging
  • Dynamic injection attack
  • Interface hijacking
  • Input monitoring
  • HTTP transmission data
  • Webview store passwords in plaintext
  • Digital certificate in plaintext
  • Debug log function call
  • Resource file breach
  • Dynamic debugger attack
  • Activity component export risk
  • Service component export risk
  • Broadcast receiver component export risk
  • Content provider component export risk
  • Unverified application signature
  • Arbitrary backup of application data
  • Sensitive function call
  • Risk of dynamic debugging at java layer
  • Loading dex from SD cards
  • Implicit calls of Intent component

Vulnerability Scanning

We analyze the APK to determine if there are technical vulnerabilities with code implementation. Hackers can make use of such vulnerabilities to attack the application, perform unauthorized operations, cause the application to fail, and pilfer data. Our automated process includes:

  • Webview remote code execution
  • Database injection
  • Content provider data breach
  • Encryption method is not secure
  • HTTPS does not verify server certificate
  • Download any APK
  • Global read and write internal files
  • Denial of service attack
  • Internal network testing information
  • Webview bypass certificate validation
  • Random number is not secure
  • Intent scheme URL attack
  • Fragment injection attack

Start

Free Security Analysis

Upload your application apk now for a free evaluation.