Wednesday, 11 May 2016

Mobile app security checking in two parts with a lyrical afterword (Part I)

Checklist, Security, Scanner, Bigda.., oh sorry, mistyping... These words are very familiar and popular. Let’s find out what they really mean.

Part one: Automatizzzzzzzzzze

Is there a way to check mobile app security automatically? Fully? Partly? What can be automated?

HackApp Security Scanner performs static checks, and we are working to automate as many checks as possible.

Let’s review a checklist which should be passed to reveal the level of potential danger an app poses to end users and vendors. OWASP published a Mobile Apps Checklist (the complete checklist can be found on the OWASP website) which contains 87 checks for Android and 74 checks for iOS. All the checks can be divided into those performed on the server side and those performed on the client side (the app). The existing methods of checking an app are static and dynamic.

During static checks the mobile app is examined at rest, without running it. The following things should be analyzed:

  • Constants,
  • Resources,
  • Methods,
  • Third-party libraries.

To perform dynamic checks we have to run the app and do the following:

  • Altering server-client interactions,
  • Reverse engineering the protocol,
  • Analyzing the cryptographic mechanisms.

Static checks can be automated pretty easily. We can also code some of the dynamic checks, for example: proper SSL implementation, account lockout policy, various kinds of injection, etc. This is the good news. The bad news is that it is either difficult or very difficult to do most of the dynamic checks automatically, for example: logic security (race conditions and the like), input validation, side channel data leaks, etc.

There are tools intended to help developers test app security. Quite often the tools are open source and have to be fine-tuned prior to use. You also have to tune your environment to run them. After many hours of reading blogs, tuning and installing, they are finally ready to use. Those are the cons. There are some pros as well. In just a couple of years you’ll have a nice conveyor belt for scanning thousands of apps. It does not matter that you have only two or three apps to scan. It’s hard to stop once you’ve started :)

While you are installing yet another tool in your environment… you are welcome to check out what we have that is new.

HackApp Scanner is an online tool. One of its purposes is to perform static checks without pain, desperation or wasted time. It’s always ready to use. An app can be analyzed in just a couple of clicks.

So, there is a tool which does part of our job for us. The tool is fast and always available. How does it work? You take an app and feed it to the scanner. The scanner produces a list of possible security issues ordered by severity: high security alerts, warnings, informational messages. Each description names the files/classes where the issue was discovered, plus some other useful stuff.
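As an added illustration (not HackApp’s code), here is a minimal static checker in the spirit of the paragraph above: it looks over constructed artifacts of an unpacked Android app (the manifest as a resource, string constants in a class, and a list of bundled third-party libraries) and returns findings ordered by severity, each naming the file or class where it was found. All file names, patterns and sample contents are constructed for the example.

```python
import re
from collections import namedtuple

# Severity buckets mirror the scanner output: high alerts, warnings, info.
SEVERITY = {"HIGH": 0, "WARNING": 1, "INFO": 2}
Finding = namedtuple("Finding", "severity location message")

# Constructed sample artifacts standing in for an unpacked APK (not a real app).
SAMPLE_APP = {
    "AndroidManifest.xml": '<application android:debuggable="true" '
                           'android:usesCleartextTraffic="true">',
    "com/example/net/ApiClient.java":
        'static final String API_KEY = "AKIAEXAMPLEKEY0000000000";\n'
        'static final String BASE_URL = "http://api.example.test/v1";',
    "lib/bundled.txt": "okhttp-2.7.5.jar\ncommons-io-2.6.jar",
}

# Resource check: risky manifest attributes (illustrative patterns).
MANIFEST_FLAGS = {
    'android:debuggable="true"': ("HIGH", "debuggable build shipped to users"),
    'android:usesCleartextTraffic="true"': ("WARNING", "cleartext HTTP traffic allowed"),
}

def check_manifest(path, text):
    return [Finding(sev, path, msg) for flag, (sev, msg) in MANIFEST_FLAGS.items()
            if flag in text]

# Constants check: credential-looking string literals and plain-http endpoints.
def check_constants(path, text):
    out = [Finding("HIGH", path, f"hard-coded credential-like constant {m.group(1)}")
           for m in re.finditer(r'(\w*(?:KEY|SECRET|TOKEN)\w*)\s*=\s*"[^"]{16,}"', text)]
    out += [Finding("WARNING", path, f"plain-http endpoint {m.group(1)}")
            for m in re.finditer(r'"(http://[^"]+)"', text)]
    return out

# Third-party inventory: informational, so a reviewer can compare versions against advisories.
def check_libraries(path, text):
    return [Finding("INFO", path, f"bundled library {lib}") for lib in text.split()]

def scan(app):
    findings = []
    for path, text in app.items():
        if path.endswith("AndroidManifest.xml"):
            findings += check_manifest(path, text)
        elif path.endswith(".java"):
            findings += check_constants(path, text)
        elif path.startswith("lib/"):
            findings += check_libraries(path, text)
    return sorted(findings, key=lambda f: (SEVERITY[f.severity], f.location))
```

`scan(SAMPLE_APP)` yields two high alerts, two warnings and two informational entries, highest severity first.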

Finally! We have the list. What should we do next?

