Test whether your mobile app has any security flaws and fix them before they damage your business reputation.

Mobile usage is growing, and so are Mobile Apps.

There are around 2 million apps on Apple App Store and 2.5 on Google Play.

The latest research shows that 38% of iOS and 43% of Android apps had high-risk vulnerabilities.

Some abbreviations are used in this post.

App-Ray

Keep vulnerabilities at bay by using the security scanner by App-Ray.

It can check mobile applications from unknown sources and provide a reputation through integration with EMM-MDM/MAM.

The scanner can detect threats before they harm your data and prevent you from installing malicious apps.

Integrate your applications with vulnerability analysis while building them.

Their REST API lets you perform analysis automatically and elegantly.

You can also trigger actions when an issue is detected to prevent possible risks.

App-Ray employs multiple analysis techniques: static as well as dynamic and behavior-based analysis.

Static code analysis is employed for coding problems, encryption-related issues, data leaks, and anti-debugging techniques.

Similarly, dynamic and behavior-based analysis is done for instrumental and unmodified testing, accessing communication files, etc.

App-Ray supports iOS and Android platforms.

Codified Security

Detect and quickly fix security issues using Codified.

Just upload your app code and use the scanner to test it.

It gives a detailed report highlighting security risks.

Codified is a self-serve security scanner.

It means you are required to upload your app files into its platform.

It is capable of integrating with delivery cycles seamlessly.

Their security reports are professional and highlight clear details on all the risks associated with your mobile apps.

Codified supports IPA and APK uploads.

It facilitates static, dynamic, and 3rd-party library tests.

You’re free to use the app for malware analysis, pen testing, security assessment, etc.

It can perform both types of analysis: static and dynamic.

MobSF provides REST APIs so you can integrate it with your DevSecOps or CI/CD pipeline seamlessly.

It supports mobile app binaries such as IPA, APK, and APPX in addition to zipped source code.

Dexcalibur

Dexcalibur is a reverse-engineering Android scanner that focuses on instrumentation automation.

Its purpose is to render the executed function.

It can also render what function can be executed based on call stack depth or configuration value.

It helps you read cleaner versions of the bytecode by removing useless goto and opaque predicates.

At present, StaCoAn supports APK files only, and IPA support will be available soon.

As you could guess, it is open-source.

StaCoAn includes a drag-and-drop feature for your mobile app file so you can generate a portable and visual report.

You can even customize wordlists and options for a better experience.

These reports are easy to browse through a decompiled app.

Using the loot function, you can bookmark valuable findings.

You can also view all your findings on the provided page.

StaCoAn supports different file types such as Java, JS, XML, and HTML files.

Its database comes with a table viewer where you can search the database files for keywords.

It might support Linux and Windows with minor adjustments.

Ostorlab

Ostorlab lets you scan your Android or iOS app and gives you detailed information on the findings.

Quixxi

Quixxi is focused on providing mobile analytics, mobile app protection, and recovery of revenue loss.

The scan may take a few minutes, and once done, you will get a vulnerability report overview.

SandDroid

SandDroid performs static and dynamic analysis and gives you a comprehensive report.

You can upload APK or zip files with a maximum size of 50 MB.

SandDroid is developed by the Botnet research team & Xian Jiaotong University.

It currently performs checks on the following.

ImmuniWeb

An online Android and iOS app scanner by ImmuniWeb tests apps against the OWASP Mobile Top 10 vulnerabilities.

It performs static and dynamic security tests and provides an actionable report.

You can download the report in PDF format, which contains the detailed analysis results.

If you are a security professional, you may be interested in learning mobile penetration testing.

Here are 8 tips for better mobile security.