Ethiack 2.14 was unveiled only a few weeks ago, and we thought it would be a good time to share more information about our new Artificial Hacker for Android apps: Idroid.
Developed in partnership with Zezadas, this Artificial Hacker is our first when it comes to testing mobile applications. Read on to find out why it matters, the problems it solves, and how to activate it.
Android applications, and mobile apps in general, come with some unique challenges compared to web apps.
To start, mobile devices hold a lot of details about our personal lives, including sensitive ones. That makes them more critical assets, both for end users and for the organizations that develop them.
On top of this, mobile app development brings security challenges of its own. For example, mobile devices are feature-rich and thus use complex logic, which can lead to vulnerabilities. They also hold a lot of data in cache, including sensitive user data. The tools used, both for development and for penetration testing, differ from those used for web apps, which makes testing harder. Compilation makes the code harder to analyze, and you need specific tools and skills (such as reversing) to access the code and test it. This added layer of abstraction means that certain vulnerabilities can slip through tests in the pipeline.
These two problems led to the development of Idroid. It’s built specifically for Android apps and delivers better performance than conventional SAST methods. All of the OWASP Mobile Top 10 vulnerabilities are covered, as well as other vulnerabilities chosen by the team.
Idroid will test your Android apps 24/7. It’ll check for new versions and launch new tests immediately, with any findings being added to your Portal.
To get started, follow these steps:
And that’s it! Stay tuned for the upgrades we’ll be releasing to Idroid in the near future.
Stay secure!