Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

High-Tech Bridge Launches Free Service for Testing Mobile Apps

Web security company High-Tech Bridge announced on Thursday the launch of a free online service that allows mobile application developers to test their iOS and Android apps.

Web security company High-Tech Bridge announced on Thursday the launch of a free online service that allows mobile application developers to test their iOS and Android apps.

Mobile X-Ray can test native and hybrid applications, including security and privacy aspects, using dynamic application security testing (DAST), static application security testing (SAST), data encryption testing for communications with APIs and web services, and behavioral analysis.

The service looks for the most common types of vulnerabilities, including ones covered by the OWASP Mobile Top Ten, and provides a user-friendly report that includes remediation guidance. The test results include examples of both insecure and secure code.

In the case of Android apps, developers can upload the APK to Mobile X-Ray, but iOS apps can only be tested if they are compiled as a Simulator app in Xcode.

A test scan conducted by SecurityWeek for the latest beta version of WhatsApp for Android revealed five high severity issues, including hard-coded encryption keys, the use of a weak initialization vector, the use of an intent filter, and the existence of a clear text database. While not all these weaknesses may be exploitable, the test informs developers of the potential issues they need to look into.

Mobile X-Ray scan

The assessment can take less than a minute, but it can also take up to a couple of hours, depending on application complexity and overall system workload.

“Mobile applications have become an inseparable part of everyday business and private life. In light of skyrocketing data breaches, many different research reports urge the enhancement of mobile application security and privacy,” said Ilia Kolochenko, CEO and founder of High-Tech Bridge. “Unfortunately, most developers just don’t have enough resources, time or budget to properly test their mobile app before going to production. At High-Tech Bridge, we are excited to fulfil this gap and offer a unique online service for the benefit of the cybersecurity community and independent developers.”

While the Mobile X-Ray tool can be highly useful for application developers, many critical vulnerabilities exist in backend systems, for which High-Tech Bridge recommends its ImmuniWeb Mobile product.

Data obtained by the security firm via its ImmuniWeb Mobile product shows that 88% of APIs and web services in the backend are affected by vulnerabilities that allow access to sensitive data, and 69% of APIs and web services do not include mechanisms for mitigating common web attacks.

Nearly all the Android applications tested by High-Tech Bridge had at least one vulnerability covered by the OWASP Mobile Top Ten, and more than 78% of them had at least one high and two medium risk flaws.

In the case of iOS apps, 85% were found to have at least one of the top OWASP vulnerabilities, and roughly 69% had at least one high and two medium risk security holes.

Related: Enterprise Mobile Apps Expose Sensitive Data via Backend Systems

Related: Vulnerabilities Found in Many Mobile Stock Trading Apps

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.