Mobile Application Vetting

Scan any App in the App Store or Play Store

Mobile Application Vetting (OpenScan)

Data Theorem’s Mobile Application Vetting service (OpenScan) provides in-depth security analysis for iOS and Android applications before they land on employee or executive devices. OpenScan can identify the security vulnerabilities, privacy issues, and app hardening posture of any given app in the App Store or Play Store. Using a combination of static (SAST), dynamic (DAST), and behavioral analysis techniques, OpenScan assesses both the application package and its runtime behavior to uncover an app’s security posture.

Key Capabilities:

  • Static Analysis (SAST): Decompiles and inspects application binaries (APK/IPA) to detect hardcoded credentials, insecure configurations, sensitive data exposure, and insecure API usage.

  • Dynamic Analysis (DAST): Executes the application in a controlled environment to monitor runtime behaviors such as unauthorized data access, insecure network communications, improper encryption, and reverse engineering resistance.

  • Third-Party Library & SDK Inspection: Identifies outdated, vulnerable, or risky third-party libraries and SDKs embedded in the app.

  • Compliance Validation: Maps findings to frameworks including OWASP Mobile Top 10, NIST, HIPAA, PCI DSS, and custom enterprise policies.

  • Cryptographic Review: Verifies the proper implementation of cryptographic algorithms, key management, and secure storage.

  • Network Traffic Inspection: Analyzes data in transit to identify plaintext transmissions, certificate pinning weaknesses, and man-in-the-middle (MITM) attack vectors.

Deliverables:

  • Comprehensive technical analysis & app hardening ratings
  • OWASP Mobile Top 10 and compliance mapping
  • Option for vendor outreach & issue remediation

OpenScan ensures mobile applications are vetted before they’re installed on employee or executive devices, safeguarding corporate & end-user sensitive data.
