
Mobile App Pentest

iOS and Android - from binary analysis to runtime hooking

€175 per hour. CCV certified.

We test iOS and Android applications for vulnerabilities in storage, transport, authentication and the application logic itself. Through static and dynamic analysis, certificate pinning bypass and runtime instrumentation we find vulnerabilities that others miss.

What is a mobile app pentest?

A mobile app pentest is a security assessment of your mobile application(s). We analyse the full attack chain: from the binary on the device to the communication with the backend API and the server-side logic. Mobile apps often store sensitive data locally, communicate with multiple backend services and process authentication credentials.

We combine static analysis (decompilation, source code review) with dynamic analysis (runtime hooking, traffic interception). We use Frida to hook security-critical functions, Objection to bypass root detection and certificate pinning, and Jadx to decompile the APK.

Why should you get a mobile app pentest?

Users trust mobile apps with sensitive actions: banking, medical data, corporate systems. The risks:

  • Insecure local storage: credentials or tokens stored unencrypted on the device.
  • Missing certificate pinning: man-in-the-middle attacks on the app's traffic become possible.
  • Reverse engineering: an attacker decompiles your app and finds hardcoded API keys or backend URLs.
  • Authentication bypass: weak biometric implementation, session management or token handling.
  • Business logic flaws: manipulating prices or bypassing purchases via the app.

Our approach

We follow the OWASP MASVS and MSTG, but go beyond the checklist. We share findings with you directly:

  1. Static analysis - decompilation, source code review for hardcoded secrets, insecure API calls, weak cryptography, debug functions in production.
  2. Dynamic analysis - runtime analysis with Frida: hooking, root/jailbreak bypass, certificate pinning bypass.
  3. Network communication - traffic interception with Burp Suite: TLS configuration, API authentication, data in transit.
  4. Local storage - databases, Keychain/Keystore, SharedPreferences, cache data for sensitive information.
  5. Authentication & session - biometric bypass, token handling, session fixation, account enumeration.
  6. Backend API - the app is just a frontend. The real vulnerabilities are often in the API. We include it in our test.
  7. Reporting - report conforming to MASVS with reproduction steps per platform. Retest available on request.

What does a mobile app pentest cost?

Our rate is €175 per hour. Costs depend on complexity, authentication methods and whether the backend API is included. We provide a fixed quote after a scoping call.

Frequently asked questions

Can you test apps that only run in an MDM environment?

Yes. We have experience with Intune, VMware Workspace ONE and other MDM environments. We test on both managed and unmanaged devices to verify that MDM restrictions are effective.

Do you need the source code?

Preferably yes. It saves a great deal of analysis time and makes the assessment more efficient.

Ready to test your security?

Get in touch with our team for a no-obligation conversation about your security challenges.