Mobile App Pentest

New technologies always pose new security risks and mobile computing is no exception. We help you eliminate attack opportunities on your mobile apps with a pentest.

Definition and Explanation

What is Mobile App Penetration Testing?

Mobile app penetration testing is a process for evaluating the security of mobile applications, or apps for short. We perform mobile pentesting according to the OWASP Mobile Security Testing Guide. Digital business models, the processing of sensitive information and the secure handling of interoperability between different APIs make this analysis essential.

iOS and Android Pentesting

Penetration Testing for all Mobile Applications

Our mobile app penetration testers have a background in infrastructure and web penetration testing, a quality that is necessary for mobile app testing because almost every app communicates with a backend system. This expertise is essential because it allows us to test the full spectrum of native apps, hybrid apps, web apps, and progressive web apps.

Mobile Cyber Security

Protect your Users from Criminals with Cyber Security!

We ensure that third-party use of user data such as messages, personal data, address books, location and movement profiles is not possible.

Holistic View of the Interfaces

The security of the interacting servers as well as the interface between the mobile device and the server must be extensively tested to ensure smooth interoperability.

Mobile Specific Testing

We ensure that third-party use of user data such as messages, personal data, address books, location and movement profiles is not possible.

Static and Dynamic Analyses

The checks cover static and dynamic analyses.

Learn more about Performing Penetration Tests with turingpoint!

Penetration Test for all Mobile Apps

IT Penetration Test Modules for iOS and Android

Basically, the longer our security engineers subject your app to a penetration test, the more meaningful the results. If you have special requirements, we will be happy to make you an individual offer.

Architecture, Design and Threat Analysis

The functional scope and security functions must be clearly defined and known for each component of the app. Most apps communicate with interfaces, so appropriate security standards must also be implemented for these API endpoints.

Data Storage and Data Protection

Protecting sensitive data such as user credentials and private information is a focus in mobile security. Data leaks can occur unintentionally in cloud data storage, backups or the keyboard cache. In addition, mobile devices can be more easily lost or stolen.

Cryptography

Cryptography is an essential cornerstone for protecting data stored on mobile devices. However, it is also a category where many things can go wrong, especially if standard conventions are not followed. The category is intended to ensure that a verified app uses cryptography best practices.

Network Communication

The purpose of this category is to ensure confidentiality and integrity of transmitted data between mobile app and remote server. To do this, a mobile app must establish a secure, encrypted channel for network communication using the TLS protocol with adequate TLS settings.

Platform Interaction

The requirements in this category are intended to ensure that the app uses platform components and standard components in a secure manner. The requirements also cover inter-process communication (IPC) between apps.

Code Quality and Build Settings

The goal of this category is to ensure that basic security practices are followed during app development and that the included compiler security features are enabled.

Manipulation Security

This category covers defense-in-depth measures recommended for apps that provide access to sensitive data or sensitive functionality. Not implementing these measures does not immediately lead to a vulnerability, but the measures increase the robustness of the app against attacks and reverse engineering.

Contact

Curious? Convinced? Interested?

Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment: