Mobile Scan Profiles

Ostorlab offers different mobile scan profiles to cater to various security testing needs for Android and iOS applications. These profiles vary significantly in their depth, focus, and the analysis techniques employed, ranging from quick static checks to comprehensive dynamic and privacy assessments. Understanding these profiles helps in selecting the most appropriate scan for specific requirements.

Fast Scan

Fast Scan provides an efficient security assessment of mobile applications, focusing on static analysis to quickly identify common security issues. It includes anti-virus scanning and deep code analysis capabilities.

Overview and Capabilities

  • Static Analysis:
    • Performs rapid static analysis using specialized rules and multiple scanning engines to identify configuration issues, potential hardcoded secrets, and vulnerable programming patterns.
    • Scans application code for security vulnerabilities.
    • Examines application structure, configurations, and resource files for security weaknesses.
    • Identifies insecure coding patterns and practices.
  • Security Configuration Analysis:
    • Analyzes network security configurations (platform-specific checks like Android network security or iOS App Transport Security) and communication settings.
    • Reviews permission settings and access control mechanisms.
    • Checks URL scheme handling and intent configurations.
    • Examines basic certificate handling and cryptographic implementations.
  • Vulnerability Detection:
    • Identifies hardcoded secrets and credentials in application code using multiple detection techniques.
    • Detects insecure data storage patterns.
    • Finds potential information disclosure vulnerabilities.
    • Checks for improper platform usage and insecure API implementations.
    • Includes checks against known malware signatures using anti-virus scanning.
  • Dependency Scanning:
    • Identifies third-party libraries present in the application.
    • Validates identified dependencies against known vulnerability databases.
    • Checks for outdated components with published security issues.
    • Identifies dependency confusion risks.
    • Analyzes application features and binary components.

The Fast Scan focuses on identifying common vulnerabilities through comprehensive static code analysis and configuration checks. It's ideal for quick security assessments, finding insecure coding practices, dependency issues, configuration errors, and known malware signatures.
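As an added illustration of the kind of static configuration check the Fast Scan performs (example code written for this page, not Ostorlab's own engine), the following Python audits a constructed Android network_security_config.xml, showing a weak configuration beside its hardened counterpart. The sample documents and the finding strings are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a weak res/xml/network_security_config.xml as an
# analyst might find it in a review (not taken from any real app).
WEAK_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">legacy.example.com</domain>
    </domain-config>
</network-security-config>"""

# Constructed hardened counterpart: cleartext disabled, system CAs only.
HARDENED_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>"""


def audit_network_security_config(xml_text: str) -> list[str]:
    """Return human-readable findings for one network_security_config.xml."""
    findings = []
    root = ET.fromstring(xml_text)
    for section in root.iter():
        if section.tag not in ("base-config", "domain-config"):
            continue
        scope = "base-config"
        if section.tag == "domain-config":
            domains = [d.text.strip() for d in section.findall("domain") if d.text]
            scope = "domain-config for " + ", ".join(domains)
        # Only an explicit "true" is reported: the unset default depends on
        # targetSdkVersion (cleartext is blocked by default from API 28).
        if section.get("cleartextTrafficPermitted", "").lower() == "true":
            findings.append(f"cleartext traffic permitted in {scope}")
        # Trusting user-installed CAs lets any certificate added on the
        # device intercept release traffic, so it is flagged for review.
        for cert in section.iter("certificates"):
            if cert.get("src") == "user":
                findings.append(f"user-installed CAs trusted in {scope}")
    return findings
```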

Full Scan

Full Scan delivers comprehensive security testing by combining static and dynamic analysis techniques, providing a deeper assessment than the Fast Scan.

Overview and Capabilities

  • Complete Static Analysis Suite:
    • Includes all static scanning capabilities from the Fast Scan.
    • Adds deeper code analysis with multiple specialized static scanning engines.
    • Thorough examination of application resources, configurations, and platform-specific features.
  • Dynamic Analysis & Interaction:
    • Automatically interacts with the application using an intelligent automation engine that simulates user actions to test real user flows (e.g., Login, Sign up, Money transfers, Profile updates).
    • Tests multiple execution paths through the application.
    • Provides different runtime analysis options based on app technology, including hooking application methods to analyze runtime behaviors and report vulnerable patterns (e.g., related to FileSystem, Crypto, Database interactions), and traffic interception.
  • Runtime Security Testing:
    • Monitors runtime application behavior.
    • Identifies vulnerabilities that only manifest during runtime (e.g., insecure handling of runtime data).
    • Observes how the application handles unexpected inputs during automated interaction.
    • Tests security controls under realistic conditions.
  • Network Security Analysis:
    • Intercepts and analyzes all network traffic.
    • Examines API usage and server communication patterns.
    • Tests for insecure data transmission (e.g., cleartext traffic).
    • Identifies potential backend vulnerabilities exposed through network interactions.
  • Backend Vulnerability Assessment:
    • Tests server-side components for security weaknesses using various backend scanning techniques.
    • Fuzzes backend endpoints for common vulnerabilities like SQL Injection, template injection, and command injection.
    • Scans for known remotely exploitable vulnerabilities (CVEs).
    • Performs subdomain analysis and service discovery as part of backend assessment.
    • Validates server configurations and TLS/SSL security controls.
    • Performs reputation analysis on discovered domains and IPs.
  • Advanced Security Analysis Techniques:
    • For Android applications: Performs taint analysis to track sensitive data flows through the application code.
    • Examines binary protections and secure compilation practices.
    • Analyzes platform-specific security features and implementations like Android JNI interactions.
    • Provides IDE support for specialized file extraction and analysis.

The Full Scan offers an in-depth assessment combining static analysis with dynamic testing, runtime monitoring, network interception, and backend checks. It uncovers complex vulnerabilities, runtime issues, and security flaws related to real-world interactions and data handling.

Privacy Scan (Specialized)

The Privacy Scan is a dedicated assessment focused exclusively on privacy concerns, analyzing application behavior and data handling.

Overview and Capabilities

  • Uses specialized runtime analysis techniques to hook application methods and analyze runtime data handling and privacy practices.
  • Analyzes app data collection and privacy practices.
  • Monitors data flows to identify potential privacy concerns.
  • Compares the application's observed data usage/collection against its stated privacy policy using specialized compliance checks.
  • Tests privacy controls and data protection mechanisms.
  • Can be customized with a specific privacy policy link for compliance verification.

The Privacy Scan provides a targeted assessment of an application's data handling practices. It focuses specifically on identifying potential privacy violations, excessive data collection, and discrepancies between the application's actions and its stated privacy policy.