Mobile audit coverage
Mobile apps present specific risks beyond traditional web controls: insecure local storage, token management, reverse engineering and backend API vulnerabilities.
What is tested
- Storage: sensitive data stored insecurely on the device
- Communications: unencrypted traffic, certificate pinning, data leakage
- Authentication and sessions: token management, biometrics, session logic
- Credentials and secrets: hardcoded API keys, excessive permissions
- Backend & reverse engineering: API vulnerabilities and protection against reversing
Depth levels
- 1 app. Basic validation of the most common risk vectors. Delivery in 24-48h.
- 1 app. Full MASVS review with static, dynamic and backend API analysis.
- iOS + Android. Reverse engineering, backend exploitation and full flow analysis.
Deliverables
Executive report for management and technical report for the team, both in bilingual PDF (ES/EN), with findings prioritised by impact and remediation guidance.