When a mobile application offers users access to highly valuable information, ensuring this information cannot be accessed by unauthenticated users is even more important than usual. This was the issue concerning our client, a company that creates trading and exchange systems for the derivatives community.
Our client’s mobile application allows retail customers in the US and Asia to access live trading information, using their smartphones. The company asked us to carry out a technical security assessment of the app to ensure unauthenticated users could not gain access to this commercially valuable data.
Our security assessment covered both the iOS and Android versions of the app from an unauthenticated-user perspective. We also conducted an infrastructure assessment of the endpoint hosts associated with the application, which we probed meticulously to identify any potential vulnerabilities.
While overall security was of a high standard, we identified several medium- and low-level cyber risks that needed to be addressed. These included insufficient protection of source code, allowing an attacker to gain information regarding the use of the application, and the bypassing of the first part of a two-step authentication process due to weak passcodes being in use.
Our report identified each issue, explained its implications for security and set out our recommended remedial action. Our work put our client in a strong position to improve the cyber security measures protecting its mobile app and prevent access to commercially valuable information by unauthenticated users.
If you require a mobile application security assessment to keep your data safe, get in touch with one of our pen testing experts today, or read more about our mobile app and device security testing service.