Keep the device and applications secure

Mobile application penetration testing is a specialised form of security assessment focused on evaluating the security of mobile apps.

The primary objective of this testing is to identify and exploit vulnerabilities within the mobile app environment, which includes the app itself, the device it runs on, and its interactions with web services and APIs.

What is tested?

Here are the key areas typically examined during a mobile application penetration test:

Input validation testing examines how the mobile application processes and validates input from users. The goal is to detect vulnerabilities that could be exploited through input manipulation, such as SQL injection or cross-site scripting (XSS).

Local data storage testing assesses how data is stored and protected on the mobile device. This includes examining data encryption mechanisms, access controls, and any potential exposures that could lead to data leakage or unauthorised access.

Data-in-transit testing scrutinises the security of data as it travels over the internet to and from the mobile device. It focuses on the implementation and effectiveness of encryption protocols, such as SSL/TLS, to protect data in transit from interception or manipulation.

Since many mobile apps interact with back-end web services, penetration testing also covers any APIs that the app uses. This involves checking for vulnerabilities that could allow unauthorised access to or manipulation of API functions, which might include issues with authentication, authorisation, or data handling.