⟩ Specialized Expertise
6+ YRS · iOS & ANDROID
Mobile App Security
6+ years of deep-dive mobile testing for 100+ iOS/Android apps, uncovering critical vulnerabilities.
What I deliver
- Static & dynamic analysis
- Runtime instrumentation with Frida
- Secure storage & crypto review
- OWASP MASVS compliance
⟩ real-world projects
Selected engagements
Sanitized highlights from real client work — approach, the bug we found, and the fix shipped. Names redacted under NDA.
01
Mobile-wallet pentest (iOS + Android) — bypassed jailbreak detection + cert pinning via Frida, leaked session tokens
02
Healthcare Android app — insecure deeplinks allowed full PHI takeover, fixed via intent validation
03
Ride-hailing iOS app — Keychain misuse + plaintext PII in plist, full OWASP MASVS remediation
⟩ common vulnerabilities & how I find them
Top bugs I hunt — and the steps
The recurring weaknesses I see in this domain, with the repeatable workflow I run from discovery to fix.
01
HighInsecure Data Storage (M2)
- STEP 1Pull APK/IPA, inspect /data/data, Keychain, NSUserDefaults, SharedPreferences
- STEP 2Search for tokens, PII, API keys in plaintext
- STEP 3Verify keystore/Keychain class + access-control flags
- STEP 4Fix: EncryptedSharedPreferences / iOS Keychain with kSecAttrAccessibleWhenUnlocked
02
MediumSSL Pinning Bypass
- STEP 1Hook with Frida + objection to disable TrustManager / NSURLSession checks
- STEP 2MITM traffic via Burp and confirm full API visibility
- STEP 3Test for fallback HTTP and weak TLS versions
- STEP 4Fix: implement multi-cert pinning + integrity checks + RASP
03
HighInsecure Deeplinks / Intent Redirection
- STEP 1Enumerate exported activities, intent filters, custom schemes
- STEP 2Craft malicious intents from a sibling app or browser
- STEP 3Trigger sensitive actions without user consent
- STEP 4Fix: validate intent caller, require signature permissions, restrict exported flags
⟩ arsenal
Tools & frameworks
MobSF
Mobile Security
Frida
Runtime Hooking
Objection
Mobile Pentest
Burp
Web Security
Drozer
Android Pentest
Apktool
APK Reverse
Jadx
Java Decompiler
Hopper
Disassembler
Cycript
iOS Runtime
Ghidra
Reverse Engineering
IDA
Disassembler
Wireshark
Packet Analysis
adb
Android Debug Bridge
Xcode Instruments
iOS Profiling
⟩ engage
Need mobile app security expertise?
⟩ related
More in Specialized Expertise
VAPT & WAPT
6+ years leading 100+ real-world projects, identifying critical vulnerabilities in complex enterprise networks and web applications.
SOC Operations
6+ years managing L1/L2/L3 SOC operations for numerous clients, detecting and responding to advanced threats in real-time.
AI & GenAI Security
6+ years pioneering AI/GenAI security assessments, uncovering novel vulnerabilities in LLMs and securing AI-driven architectures.