HackApp is a web-based service for static security analysis of mobile apps. It identifies critical and suspicious information in a bundle, such as:
- Certificates and keys,
- Authentication secrets,
- License control,
- Compilation flaws,
- Tool for software piracy,
- AntiVirus system.
The main goal is to find information disclosure that can be used in attacks against an app's users or the vendor's infrastructure.
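To make the first category concrete, here is an added example (not HackApp's own code, and not a description of how the service works internally) of a minimal static check over an *.ipa bundle: it reads the app version from Info.plist and flags key or certificate files and embedded PEM private keys. The function names, the extension list and the sample bundle are assumptions constructed for this illustration.

```python
import io
import plistlib
import re
import zipfile

# Assumed indicators: PEM private-key headers and common key/certificate file extensions.
PEM_KEY = re.compile(rb"-----BEGIN (?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY-----")
KEY_EXTS = (".p12", ".pfx", ".pem", ".key", ".cer", ".der")


def scan_ipa(ipa_bytes):
    """Return (bundle_version, findings) for an .ipa supplied as bytes."""
    version, findings = None, []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir():
                continue
            name = info.filename
            data = ipa.read(info)
            # The app's top-level plist lives at Payload/<Name>.app/Info.plist.
            if re.fullmatch(r"Payload/[^/]+\.app/Info\.plist", name):
                version = plistlib.loads(data).get("CFBundleShortVersionString")
            if name.lower().endswith(KEY_EXTS):
                findings.append((name, "key or certificate file"))
            if PEM_KEY.search(data):
                findings.append((name, "embedded PEM private key"))
    return version, sorted(findings)


def build_sample_ipa():
    """Constructed sample bundle (not a real app) so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps({"CFBundleShortVersionString": "1.2.0"}))
        z.writestr("Payload/Demo.app/push.p12", b"\x30\x82constructed")
        z.writestr("Payload/Demo.app/config.json",
                   b'{"k": "-----BEGIN RSA PRIVATE KEY-----\\nconstructed\\n"}')
        z.writestr("Payload/Demo.app/icon.png", b"\x89PNG")
    return buf.getvalue()


if __name__ == "__main__":
    version, findings = scan_ipa(build_sample_ipa())
    print("version:", version)
    for path, reason in findings:
        print(f"{reason}: {path}")
```

Anything such a check reports in a shipped bundle should be treated as disclosed: rotate the key and move the secret to the server side.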
How to use it?
First, sign in using your Twitter or LinkedIn account.
Then you will see the dashboard, the home page for logged-in users:
- Here you can add apps by clicking the "Add app" button. If you want to get an app directly from iTunes, use the link to the app's page, such as https://itunes.apple.com/cn/app/betaround/id553850953 (only free apps are supported). Or you can just upload a *.ipa bundle.
- Then click 'Analyse'.
- HackApp will download and analyse your app. This usually takes about 2-3 minutes.
- When the app's status changes to 'Completed', you can open the report by clicking on the app's name.
Here you can see basic app info (version, DRM, etc.), browse the bundle as a directory and get info about bugs.
That's all you need to know to get started. If you find any bugs in our system, you can always report them to us on Twitter: @hackappcom