Your mobile app does a lot of things

Don't let unknown vulnerabilities put user data at risk

Scan your app for free

AppCritique finds vulnerabilities, data leaks, and everything in between

Mobile apps are a necessary component of today’s communications. To operate effectively in the mobile environment, organizations are being called on to visualize, integrate, and leverage disparate information sources to dramatically extend their performance, efficiency, and reach. Users are eager to adopt these new tools anywhere, in the office and on the move. Mobile apps—whether built in-house or purchased from the outside—must be secure for both users and organizations.

Despite their ability to enhance productivity and business operation, mobile apps can introduce functional, performance, and security issues. Mobile malware is increasing at an alarming pace, and the methods by which insecure apps can affect other apps, mobile devices, and/or the underlying network infrastructure are becoming much more complex. An insecure app can lead to lost productivity, loss of data, legal liability, damage to brand credibility—and worse. In today’s world, mobile app vetting is an essential part of a holistic enterprise cybersecurity plan, and Booz Allen’s AppCritique capability can help you meet this need.

Dev-friendly mobile application security

Developing an app is hard. Ever-evolving platform APIs, cross-platform requirements, and timely delivery pressures make it harder. AppCritique can help relieve some of the pressures of shipping a great app by providing a second look at potential security threats that may exist. Our proprietary app analysis engine was developed by our mobile forensics and network security subject matter experts and provides extensive coverage in all things app security. We stay tuned in to the Android and iOS developer and cybersecurity communities, and update our checks on a weekly basis.



INTER-APP COMMUNICATIONS

  • Data accessible to other apps
  • Components vulnerable to manipulation
  • Unauthenticated or unfiltered input




CODE VULNERABILITIES

  • Local SQL injection
  • Unsafe native code
  • Dynamically loaded code




DATA STORAGE

  • Data accessible in unencrypted backups
  • Publicly accessible sensitive info
  • Credentials outside secure store



DATA PRIVACY

  • Unique identifiers
  • Geolocation information
  • PII sent to third parties



SIDE CHANNEL DATA LEAKAGE

  • Screenshots
  • Clipboard
  • URL & keyboard caches



SECURE COMMUNICATIONS

  • Incorrect certificate validation
  • Unencrypted protocols
  • Weak endpoint encryption



CRYPTOGRAPHY

  • Deprecated hash functions
  • Insecure random number generation
  • Hard-coded keys


INTELLECTUAL PROPERTY PROTECTIONS

  • Unobfuscated code
  • Hard-coded passwords
  • Unnecessary client-side data


OTHER

  • App-specific zero-day exploits
  • Man-in-the-middle attack scenarios
  • …and more!

Assessment Options

Do you require a different option? Please contact us to arrange a custom AppCritique offering.

FREE

FREE - Upload

    Automated analysis of your apps.

  • Fully automated analysis
  • Any app that you or your company owns
  • Results in minutes to hours
  • Dozens of checks including some of the latest detectable vulnerabilities or issues
  • Detailed PDF report based on findings

PRO

Contact Us

    Intensive dynamic analysis conducted by the experts.

  • Expert Analyzed
  • Public or private apps
  • Static and dynamic checks
  • Back-end analysis
  • Developer Q&A
  • Detailed PDF report which includes dynamic as well as network analysis

ENTERPRISE

Contact Us

    API-accessible security info for public apps. Coming soon!

  • Results from automated analysis
  • Public apps
  • API-accessible
  • Back-end analysis
  • Integrate with your mobile device management (MDM) workflow
  • Use to help inform security and mobile device use policy

Contact AppCritique

For questions, feedback or sales inquiries, contact us at:

appcritique@bah.com