Mobile apps that survive a jailbroken device
iOS and Android tested to OWASP MASVS — reverse engineering, runtime manipulation, certificate pinning, keychain abuse and backend communication.
Who is it for?
- Mobile banking
- Fintech apps
- Health and patient apps
- Consumer apps with payments
- B2B mobile clients
Outcomes
OWASP MASVS Level 2 coverage
All 8 MASVS categories tested — storage, crypto, auth, network, code quality, resilience, privacy and platform interaction.
Reverse engineering check
Obfuscation, anti-debug, anti-tamper, certificate pinning. We try to defeat them all and show you what held up.
Runtime manipulation
Frida hooks, method swizzling, root/jailbreak bypass — we test what a determined attacker would actually do.
Backend (API) tested too
Mobile apps are only half the story — we test the backend that serves them, end to end.
Store-submission checklist
Bonus: we flag things that will trip Apple/Google review and delay your release.
Free retest
One retest within 30 days — we verify the fixes and update the report.
OWASP MASTG + manual testing
- 01 Scoping: Platforms (iOS/Android), app versions, test accounts, device requirements, out-of-scope features.
- 02 Static analysis: Decompile, review source/pseudo-source, find hardcoded secrets, insecure crypto, misuse of APIs.
- 03 Dynamic analysis: Runtime instrumentation, traffic interception, file system inspection, authentication flows.
- 04 Report & retest: Report in 5 business days with PoCs. Free retest within 30 days.
Frequently asked questions
Do we need to provide the source code?
iOS, Android or both?
How long does it take?
Do you test production backends?
Will you sign an NDA?
Scope your mobile pentest
Tell us the platform and scope — we will come back with a plan and price within one business day.