Back to portfolio
Specialized Expertise
6+ YRS · iOS & ANDROID

Mobile App Security

6+ years of deep-dive mobile testing for 100+ iOS/Android apps, uncovering critical vulnerabilities.

What I deliver

  • Static & dynamic analysis
  • Runtime instrumentation with Frida
  • Secure storage & crypto review
  • OWASP MASVS compliance
⟩ real-world projects

Selected engagements

Sanitized highlights from real client work — approach, the bug we found, and the fix shipped. Names redacted under NDA.

01

Mobile-wallet pentest (iOS + Android) — bypassed jailbreak detection + cert pinning via Frida, leaked session tokens

02

Healthcare Android app — insecure deeplinks allowed full PHI takeover, fixed via intent validation

03

Ride-hailing iOS app — Keychain misuse + plaintext PII in plist, full OWASP MASVS remediation

⟩ common vulnerabilities & how I find them

Top bugs I hunt — and the steps

The recurring weaknesses I see in this domain, with the repeatable workflow I run from discovery to fix.

01

Insecure Data Storage (M2)

High
  1. STEP 1Pull APK/IPA, inspect /data/data, Keychain, NSUserDefaults, SharedPreferences
  2. STEP 2Search for tokens, PII, API keys in plaintext
  3. STEP 3Verify keystore/Keychain class + access-control flags
  4. STEP 4Fix: EncryptedSharedPreferences / iOS Keychain with kSecAttrAccessibleWhenUnlocked
02

SSL Pinning Bypass

Medium
  1. STEP 1Hook with Frida + objection to disable TrustManager / NSURLSession checks
  2. STEP 2MITM traffic via Burp and confirm full API visibility
  3. STEP 3Test for fallback HTTP and weak TLS versions
  4. STEP 4Fix: implement multi-cert pinning + integrity checks + RASP
03

Insecure Deeplinks / Intent Redirection

High
  1. STEP 1Enumerate exported activities, intent filters, custom schemes
  2. STEP 2Craft malicious intents from a sibling app or browser
  3. STEP 3Trigger sensitive actions without user consent
  4. STEP 4Fix: validate intent caller, require signature permissions, restrict exported flags
⟩ arsenal

Tools & frameworks

MobSF
Mobile Security
Frida
Runtime Hooking
Objection
Mobile Pentest
Burp
Web Security
Drozer
Android Pentest
Apktool
APK Reverse
Jadx
Java Decompiler
Hopper
Disassembler
Cycript
iOS Runtime
Ghidra
Reverse Engineering
IDA
Disassembler
Wireshark
Packet Analysis
adb
Android Debug Bridge
Xcode Instruments
iOS Profiling
⟩ engage

Need mobile app security expertise?

Get in touch
⟩ related

More in Specialized Expertise