How to Uncover Mobile App Security Flaws

By Kevin Beaver

In addition to running a tool such as CxSuite to check for mobile app vulnerabilities, there are several other things you’ll want to look for, including:

  • Cryptographic database keys that are hard-coded into the app

  • Improper handling of sensitive information, such as storing personally identifiable information (PII) locally where the user and other apps can access it

  • Login weaknesses, such as being able to get around login prompts

  • Allowing weak, or blank, passwords

Note that these flaws are mostly uncovered via manual analysis, which may require tools such as wireless network analyzers, forensics tools, and web proxies. As with IoT, the important thing is that you’re testing the security of your mobile apps. Better for you to find the flaws than for someone else!
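As an added illustration of the first check in the list above (hard-coded cryptographic database keys), the following Python sketch scans decompiled Java/Kotlin source for key material written as a string literal. It is an example written for this page, not part of CxSuite or the original article; the rule names, the `scan` and `mask` helpers, and the sample source are all constructed for illustration.

```python
import re

# Rules for key material written as a literal in decompiled Java/Kotlin source.
RULES = [
    ("sqlcipher-pragma-key", re.compile(r"PRAGMA\s+key\s*=\s*'([^']+)'", re.I)),
    ("secretkeyspec-literal", re.compile(r'SecretKeySpec\(\s*"([^"]+)"\s*\.getBytes')),
    ("key-named-constant", re.compile(
        r'\b(\w*(?:key|secret|passphrase)\w*)\s*=\s*"([^"]{8,})"', re.I)),
]

def mask(literal):
    """Keep the report itself from becoming a copy of the secret."""
    return literal[:2] + "*" * (len(literal) - 2)

def scan(source):
    """Return one finding per hard-coded key literal: (line, rule, masked)."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("//"):
            continue  # ignore single-line comments
        for rule, rx in RULES:
            for m in rx.finditer(line):
                # The literal is always the last capture group of a rule.
                findings.append((lineno, rule, mask(m.groups()[-1])))
    return findings

# Constructed sample standing in for decompiled app source (not from a real app).
SAMPLE = '''\
public class Vault {
    private static final String DB_KEY = "s3cr3t-db-passphrase";
    void open(SQLiteDatabase db) {
        db.execSQL("PRAGMA key = 'correct-horse-battery'");
    }
    SecretKeySpec spec() {
        return new SecretKeySpec("0123456789abcdef".getBytes(), "AES");
    }
    // String OLD_KEY = "commented-out-value";
    String runtimeKey = keyProvider.load();   // fetched at run time: not flagged
}
'''

if __name__ == "__main__":
    for lineno, rule, masked in scan(SAMPLE):
        print(f"line {lineno}: {rule}: {masked}")
```

Pattern matching of this kind only narrows down where to look; each hit still needs the manual review the article describes to confirm the literal is really used as a database or encryption key.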