Bonsai Information Security - Android Penetration Test

Android Application Penetration Testing

With the constant rise of mobile technologies, more companies are developing applications for mobile platforms. Corporations are seeking to align their use of these new technologies. Adopting these platforms enables them to adapt to change quickly, expand their business and reach new markets.

Among mobile operating systems, Android is considered to be one of the highest-quality environments for application development.

Even so, applications developed for this platform may contain threats that directly impact security, especially those that handle sensitive information belonging to customers and to the organization.

The Android Application Penetration Test service aims to raise the security level of applications developed for this platform by detecting potential vulnerabilities that could pose a risk to the company.

Our methodology includes the analysis of file permissions, processes, databases, system calls, HTTP requests, web services used and logic operations specific to the application. This detects possible security breaches, which are reported together with strategic recommendations to mitigate them.

Furthermore, this analysis is usually combined with Source Code Analysis, which supports the tests performed on the application.


Common vulnerabilities identified during an Android Application Penetration Test:

  1. Web Application Vulnerabilities
  2. Insecure Password Storage
  3. Information Disclosure
  4. Manifest Privileges
  5. Insecure File Permissions
  6. Resource exhaustion (DoS)

Deliverables

Our deliverables include the following:

  1. Technical report
  2. Tools and scripts needed to reproduce the vulnerabilities
  3. Executive summary
  4. Strategic recommendations