Please enable JavaScript in your browser in order to use this page

Upload your mobile app or Hide from Latest Tests Check for Malware Provided "as is" without any warranty of any kind Provided "as is" without any warranty of any kind tests running tests in

24 hours

How-To Test Below are simple instructions on how to use Mobile App Security Test for your Android and IOS applications. Android Applications All you need is a valid APK archive for the application. APK's can either be compiled from the application source code, or, if already in Google Play market, downloaded via F-Droid or androidappsapk.co. Please follow the steps below to test Android APK: Click on "Choose file" button and select the APK, file upload will start immediately.

Click on "Choose file" button and select the APK, file upload will start immediately. Once uploaded, the test will take approximately ten minutes, depending on application size and complexity, as well as our current system load.

Once uploaded, the test will take approximately ten minutes, depending on application size and complexity, as well as our current system load. Once the test is finished, you will be provided with a detailed report. The report is located on a secret link available only to you. The report is stored for your convenience for 90 days and then automatically deleted. You can delete the report yourself just after the test. iOS Applications All you need is a valid IPA archive for the application compiled as a Simulator App (see below). Please follow the steps below to test iOS IPA: Click on "Choose file" button and select the IPA, file upload will start immediately.

Click on "Choose file" button and select the IPA, file upload will start immediately. Once uploaded, the test will take approximately ten minutes, depending on application size and complexity, as well as our current system load.

Once uploaded, the test will take approximately ten minutes, depending on application size and complexity, as well as our current system load. Once the test is finished, you will be provided with a detailed report. The report is located on a secret link available only to you. The report is stored for your convenience for 90 days and then automatically deleted. You can delete the report yourself just after the test. How to compile your iOS app as a Simulator App: 1. Run XCode and open your project;

2. Right-click your Project Name and select "Show in Finder.";

3. Right-click YourProject.xcodeproj and navigate to "Open With > Terminal";

4. Run "cd .." - your current working directory is now your project's main directory;

5. Determine which iPhone Simulator you can build to by running "xcodebuild -showsdks";

6. Build your app with the following command "xcodebuild -arch i386 -sdk iphonesimulator{version}";

7. Go to build/Release-iphonesimulator and zip file YourProject.app;

About the Service Mobile App Security Test is a free product available online, provided and operated by ImmuniWeb. The service can test mobile applications for the following platforms: Android

Android Native Applications

Native Applications Hybrid Applications (Cordova, PhoneGap, React, Xamarin) iOS

iOS Native Applications

Native Applications Hybrid Applications (Cordova, PhoneGap, React, Xamarin) It promptly detects the wide spectrum of most common weaknesses and vulnerabilities, including OWASP Mobile Top 10, and provides a user-friendly report with the discovered issues. We provide the following automated tests of the mobile application: Static Application Security Testing (SAST)

Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST)

Dynamic Application Security Testing (DAST) Behavior Testing for malicious functionality and privacy

Behavior Testing for malicious functionality and privacy Software Composition Analysis

Software Composition Analysis Mobile Application Outgoing Traffic

Mobile Application Outgoing Traffic Mobile App External Communications Please note, that the most dangerous vulnerabilities usually reside in the mobile back end (i.e. Web Services and APIs) and not in the application. Therefore, to complement your mobile security testing we strongly encourage you to thoroughly test the backend via ImmuniWeb® MobileSuite. SAST Mobile App Security Test performs Static Application Security Testing (SAST) to detect the following weaknesses and vulnerabilities: DAST Mobile App Security Test performs Dynamic Application Security Testing (DAST) to detect the following weaknesses and vulnerabilities: Behavioral Mobile App Security Test performs behavioral testing to detect when mobile application tries to access some sensitive or privacy-related functions: Software Composition Analysis The mobile application uses third-party libraries that may represent a security and privacy risk if they come from untrusted source or are outdated. Trusted and commonly accepted libraries (e.g. Google SDK, Facebook SDK, Signal SDK) are not displayed. Mobile App External Communications Specific SAST test reveals all remote hosts present in the source code of the mobile application where the application may connect to send or receive data at occurrence of a specific event (e.g. user action). Mobile Application Outgoing Traffic Specific DAST test provides a comprehensive list of all HTTP/S requests sent by the mobile application without interaction with user.