Mobile Application Penetration Testing

Total Cyber Attacks In 2020
+ 0 %
Cyber Attacks Compared to 2014
+ %
Phishing / Social Engineering Campaigns Compared to 2018
Monthly Cyber Attack Average

Argo cyber security

Why choose us

Argo Cyber is a project with a high technological and specialized component unique of its kind.

Using advanced IT technologies, it identifies innovative and customized solutions for its customers.

Mobile Application Penetration Testing

In the ever-changing world of technology, mobile applications are becoming more prevalent than ever, and this evolution has created a full range of new attacks that were not relevant in the world of classic web applications.

During our Mobile Application Penetration Testing a multitude of attacks are simulated, both application attacks and more specific attacks dedicated to mobile devices. The test simulates a real attacker and allows you to have a detailed overview of the risks and impacts on the business following the compromise of the application and any sensitive / critical data managed by it.


Argo Cyber constantly invests in certifications to improve the level of services offered thus guaranteeing the utmost professionalism and safety to its customers.

Mobile Application Penetration Testing

Stages of The Activity

Our MAPT consists of four phases: Static Analysis, Dynamic Analysis, Network Flow Analysis and Reporting. Everything starts with the complete installation of the application package (the binary of the mobile application: for example, app.apk, app.ipa, etc.) and then performs a complete check of all the various application features available.

It begins by analyzing all the metadata of the application package and a reverse engineering of the mobile application binary is then performed (where possible) in order to obtain the pseudo source code and identify any sensitive data stored within it.

The activity continues by analyzing where sensitive data is required, how they move within the application, how they are used and so on. In particular, we will examine where and how the application handles sensitive information, whether the application is correctly using native APIs and whether user credentials, session tokens, personal information and / or any other sensitive data are stored securely. As part of this analysis, checks will be carried out that will examine the memory to ensure that sensitive data is properly deleted from the application. During this testing phase, we will attempt to access hidden features, as well as attempt to escalate privileges. Another point of observation of great importance will be the validation of the data: any open port, interface, IPC channel and any other input method that can be exploited by an attacker will be identified and verified. A diagram is constructed of how these components work together; a diagram that will be used during the rest of the assessment.

In addition, the communication between the mobile application and all remote systems / services will be examined. Traffic analysis will focus on uncovering vulnerabilities related to information disclosure, tampering with data in transit, authentication, session management and other related vulnerabilities.

The test is performed on physical mobile devices, as well as through the use of emulators – depending on the type of application and functionality. The activity uses as a reference point what is defined by the OWASP Top 10 Mobile Vulnerabilities.

At the end of the MAPT a detailed report is drawn up containing the identified vulnerabilities (with relative details of the software / service concerned, screenshot, type of vulnerability, level of criticality, and possible remediation actions).

Contact us for more information

800 800 070

Available H24

Via S. Pietro All’Orto 9, Milano
Via dei Gracchi 32, Roma