Mobisec allows companies to test the security of their apps for free

The Treviso-based company has released a free version of its tool for testing the security of companies’ mobile apps. An analysis is provided against the main known vulnerabilities

Treviso, November 26, 2024 – A free tool that allows companies to perform an initial security analysis of their apps, both for iOS and Android. An opportunity for companies to approach an issue as important as it is often underestimated as that of mobile app cybersecurity.

This tool, which can be reached at www.mobisec.com, will enable companies that want to approach the topic of mobile app security by performing an initial check on their apps. It will be sufficient to upload the app packages (but it will also be possible to do this directly from the official stores, or, by searching for the app on the official stores thanks to the built-in function) to launch the test.

The tool will go on to verify the reliability of the servers and domains to which the app connects, what data and permissions it requests from the user, that the digital certificates that guarantee communication between the app and the servers are protected and authentic. Again, the security of the network connections used to transmit the data will be checked, which trackers are invoked by the app, and that there are no vulnerabilities in the code that makes up the app. Within minutes, the system will return a traffic light report, which intuitively highlights whether there are elements within any of the specific areas tested that are worthy of further investigation.

The product was previewed in late November at the Italian fintech event Salone dei Pagamenti, where companies in attendance were given the opportunity to test the security of their application. Among the main security flaws identified were the presence of old and unmaintained trackers and obsolete certificates, for which some vulnerability notes emerged. In this respect, several instances where signatures were being used that could be attacked by Janus, a 2017 malware the vulnerability to which is expected to be overcome.

“We are aware that mobile application security is an issue that is often overlooked by companies. Unfortunately, those installed on millions of cell phones can represent a very important element of vulnerability,” says Mobisec CEO Simone Rebeschini. “Mobisec has developed DSA, a tool that is able to allow companies to continuously and effectively test the security of their applications. The free version is intended to be a tool to bring companies closer to the topic of mobile app cybersecurity.”