Mobile Application Security tests Android and iOS applications for OWASP Mobile Top 10 vulnerabilities, data storage issues, insecure API communication, and other mobile-specific risks.
Mobile application security analyzes Android (APK) and iOS (IPA) apps for vulnerabilities: insecurely stored sensitive data (SharedPreferences, Keychain), insecure API communication, weak authentication, lack of certificate pinning, vulnerable business logic, incorrectly obfuscated code, excessive permissions, and backdoors. The MICAN.ro team tests mobile applications for companies in Romania using reverse engineering, dynamic analysis, and API testing.
Static analysis: APK/IPA decompilation (APKTool, jadx, Hopper) and code analysis (hardcoded secrets, weak cryptography, vulnerable WebViews). Dynamic analysis: running the app on an emulator or jailbroken device (Frida, Objection, Xposed), SSL traffic interception (mitmproxy, Burp Suite with certificate pinning bypass), runtime behavior analysis, and app modification (patching, repackaging). We also test the backend API for mobile-specific vulnerabilities (lack of rate limiting, IDOR, broken authentication).
Mobile applications in Romania store extremely sensitive data: banking credentials, personal data, authentication sessions, medical information. A vulnerability in your app can expose all of this data. Unlike web applications, mobile apps run on devices where the user (or an attacker) has full control: they can be decompiled, modified, and run in controlled environments. Mobile Security identifies what an attacker can extract from your app.
Companies in Romania developing mobile applications: fintech, banking, e-commerce, healthcare, insurtech, platforms with authentication, apps processing payments or personal data, or organizations with compliance requirements (PCI DSS, GDPR) for mobile applications.