Smartphone Application Vulnerability Assessment │ Gehirn Inc.

Smartphone Application Vulnerability AssessmentAnalysis of package files and vulnerability assessment for APIs

Analyze package files and perform vulnerability assessment for APIs used by the application.

We provide highly accurate results by using a combination of manual assessment by experienced assessors and supplementary assessment with tools. After the diagnosis is complete, a detailed report on the discovered vulnerabilities is prepared, and the reproduction procedure and countermeasures against the vulnerabilities are reported in detail.

Diagnostic Prodecure

01. Preparation

Based on the customer's specifications, we will examine the system behind the application, the scope of the diagnosis target, and the diagnosis policy. We will then send you a quote.
※ If a confidentiality agreement is required, it will be signed prior to the quote.

02. Contract procedures and coordination of diagnosis date and time

Coordinate the diagnosis date and time and complete the contract procedure.

03. Perform Diagnosis

At Gehirn, we mainly conduct manual assessments, with tool assessments as a supplement. From the attacker's point of view, we use our own methods to find vulnerabilities that cannot be detected by tools alone.

04. Complete Analysis and Prepare Report

The severity of the vulnerability risk is determined based on the expert knowledge of Gehirn's assessors, and a report is prepared on what kind of problems the vulnerability could cause by hypothesizing specific scenarios. After submitting the report to the customer, the customer decides whether or not to modify the software, and a re-diagnosis is conducted after the modification.

Typical Vulnerability Diagnostic Items

Android

Application Analysis

Application Package Analysis

Manifest Files and Request Permissions

Activity Abuse

Misuse of Broadcast Receivers

Abuse of Content Providers

Misuse of Services

Databases

File Management

External Storage

System Log

WebView

Cryptography and Hashing

Network & Server-side Analysis

Security on communication and communication paths (HTTP)

Server-side Security

Automated Analysis: Combined with Manual Diagnosis

Other *

Payment Services

Communication (Analysis of Proprietary Protocols)

Cheats in the Local Environment

※ If requested, these item can also be included in the diagnosis.

iOS (iPhone)