Mobile X-Ray

Just upload your iOS or Android mobile app to start a DAST, SAST and behavioral audit for OWASP Mobile Top 10 and other vulnerabilities:

  • Step 1 Upload a mobile app
  • Step 2 Wait a moment
  • Step 3 View report
Provided "as is" without any warranty of any kind

Android Applications

All you need is a valid APK archive for the application. APKs can either be compiled from the application source code or, if the application is already in the Google Play market, downloaded via F-Droid or androidappsapk.co.

Please follow the steps below to test an Android APK:

  • Click the "Choose file" button and select the APK; the file upload will start immediately.
  • Once uploaded, the test will take approximately ten minutes, depending on application size and complexity, as well as our current system load.
  • Once the test is finished, you will be provided with a detailed report. The report is located on a secret link available only to you. The report is stored for your convenience for 90 days and then automatically deleted. You can delete the report yourself just after the test.

iOS Applications

All you need is a valid IPA archive for the application compiled as a Simulator App (see below).

Please follow the steps below to test an iOS IPA:

  • Click the "Choose file" button and select the IPA; the file upload will start immediately.
  • Once uploaded, the test will take approximately ten minutes, depending on application size and complexity, as well as our current system load.
  • Once the test is finished, you will be provided with a detailed report. The report is located on a secret link available only to you. The report is stored for your convenience for 90 days and then automatically deleted. You can delete the report yourself just after the test.

How to compile your iOS app as a Simulator App:

1. Run Xcode and open your project;
2. Right-click your Project Name and select "Show in Finder";
3. Right-click YourProject.xcodeproj and navigate to "Open With > Terminal";
4. Run "cd .." - your current working directory is now your project's main directory;
5. Determine which iPhone Simulator you can build to by running "xcodebuild -showsdks";
6. Build your app with the following command: "xcodebuild -arch i386 -sdk iphonesimulator{version}";
7. Go to build/Release-iphonesimulator and zip the YourProject.app file.

Mobile X-Ray by High-Tech Bridge

This free online service is provided and operated by High-Tech Bridge for the benefit of the cybersecurity community and dependent mobile application developers.

The service can test mobile applications for the following platforms:

  • Android
      • Native Applications
      • Hybrid Applications (Cordova, PhoneGap, React, Xamarin)
  • iOS
      • Native Applications
      • Hybrid Applications (Cordova, PhoneGap, React, Xamarin)

It promptly detects a wide spectrum of the most common weaknesses and vulnerabilities, including the OWASP Mobile Top 10, and provides a user-friendly report of the discovered issues.

We provide the following automated tests of the mobile application:

Please note that the most dangerous vulnerabilities usually reside in the mobile backend (i.e. Web Services and APIs) and not in the application. Therefore, to complement your mobile security testing, we strongly encourage you to thoroughly test the backend via ImmuniWeb® Mobile.

Should you have any suggestions on how to improve the service, please contact us by email:

SAST

Mobile X-Ray performs Static Application Security Testing (SAST) to detect the following weaknesses and vulnerabilities:

DAST

Mobile X-Ray performs Dynamic Application Security Testing (DAST) to detect the following weaknesses and vulnerabilities:

Behavioral

Mobile X-Ray performs behavioral testing to detect when a mobile application tries to access sensitive or privacy-related functions:

Purposefully Insecure and Vulnerable Android Application (PIVAA)

For benchmark testing, we created a Purposefully Insecure and Vulnerable Android Application (PIVAA) to replace the quite outdated DIVA. Test results are available here.

Powered and provided by ImmuniWeb® Application Security Platform.