Mobile Scan Profiles

Ostorlab offers different mobile scan profiles to cater to various security testing needs for Android and iOS applications. These profiles vary significantly in their depth, focus, and the analysis techniques employed.

Full Scan

A deep-dive analysis of mobile binaries and their interaction with backend services (Static + Dynamic + Backend).

Key Features

  • Static Analysis (SAST) of application code and assets.
  • Insecure cryptography & hardcoded secret detection.
  • Insecure programming patterns & sensitive API usage audit.
  • Dynamic analysis of application behavior at runtime.
  • Backend API fuzzing & communication security analysis.

Fast Scan

A lightweight, rapid static analysis profile optimized for quick feedback during development cycles.

Key Features

  • Rapid identification of common configuration errors.
  • Detection of hardcoded API keys, tokens, and secrets.
  • Analysis of vulnerable programming patterns in source/bytecode.
  • Fast Software Composition Analysis (SCA) for third-party SDKs.

Mobile Deep Agentic Scan

AI-driven autonomous assessment that uncovers complex vulnerabilities within mobile application logic.

Key Features

  • Chaining of local application flaws with backend vulnerabilities.
  • Automated identification of sophisticated attack paths.
  • Validation of findings through runtime Proof-of-Concept exploits.
  • AI-assisted navigation of complex application workflows.

Mobile Single Vulnerability Assessment

Targeted validation of mobile-specific security risks and vulnerabilities.

Key Features

  • Targeted validation of reported mobile vulnerabilities.
  • Confirmation of exploitable flaws (e.g., Deep Link hijacking, Insecure IPC).
  • Detailed impact verification for specific risk findings.

Mobile Shielding Scan

A specialized assessment focused on the effectiveness of application hardening and anti-tampering measures.

Key Features

  • Obfuscation quality and coverage analysis.
  • Anti-tampering & integrity check effectiveness.
  • Anti-debugging & root/jailbreak detection validation.
  • Analysis of code protection and environment shielding mechanisms.

Privacy Scan

A compliance-focused scan identifying privacy risks and unauthorized data exfiltration.

Key Features

  • Detection of exposed PII (Personally Identifiable Information).
  • Analysis of data flows to third-party trackers and SDKs.
  • Audit of inadequate encryption for data-at-rest and in-transit.
  • Verification of permission usage vs. privacy policy compliance.