When you download a mobile app you sometimes get more than you bargained for, Uber’s app that tracked iPhone users for example. It can be hard to know exactly what apps on your phone are up to.
Now though, application security testing company High-Tech Bridge is launching a free ‘Mobile X-Ray’ service for developers that analyses native and hybrid iOS and Android apps and detects the most common weakness and vulnerabilities.
According to High-Tech Bridge at least one Open Web Application Security Project (OWASP) top ten vulnerability is found in 97 percent of Android and 85 percent of iOS apps. In addition 88 percent of API and web services used in mobile back ends contain exploitable vulnerabilities allowing access to sensitive or confidential data.
The service tests for known vulnerabilities as well as looking at behavior, such as camera, microphone, SMS or calendar access. It produces a user friendly report along with guidance on how to stay secure.
Ilia Kolochenko, CEO and Founder of High-Tech Bridge, says:
Mobile applications have become an inseparable part of everyday business and private life. In light of skyrocketing data breaches, many different research reports urge to enhance mobile application security and privacy. Unfortunately, most developers just don’t have enough resources, time or budget to properly test their mobile app before going to production. At High-Tech Bridge, we are excited to fulfill this gap and offer a unique online service for the benefit of the cyber security community and independent developers.
We should however, keep in mind that the most dangerous and detrimental vulnerabilities mainly lay in the mobile backend that can be reliably detected using ImmuniWeb Mobile. It also provides advanced manual testing of business logic and identify other complicated flaws undetectable in full automation.
You can try out the Mobile X-Ray tool for yourself on the High-Tech Bridge site.