Ethiack Blog

Meet Idroid: Automated Pentesting for Android Apps

Written by André Baptista | 23/05/24 10:00

Ethiack 2.14 was unveiled only a few weeks ago, so we thought it would be a good time to share more information about our new Artificial Hacker for Android apps: Idroid.


Developed in partnership with Zezadas, this Artificial Hacker is our first when it comes to testing mobile applications. Read on to find out why it matters, the problems it solves, and how to activate it.


The Need for Specialized Mobile Security

Android applications, and mobile apps in general, come with some unique challenges compared to web apps.

To start, mobile devices hold a lot of details about our personal lives, including sensitive ones. That makes them more critical assets, both for end users and for the organizations that develop apps for them.

On top of this, mobile app development brings security challenges of its own. For example, mobile apps are feature-rich and thus use complex logic, which can lead to vulnerabilities. They also hold a lot of data in cache, including sensitive user data. And the tools used, both for development and for penetration testing, differ from those used for web apps, which makes testing harder. Because the code is compiled, it is harder to analyze, and you need specific tools and skills (such as reversing) to access the code and test it. This added layer of abstraction means that certain vulnerabilities can slip through tests in the pipeline.

These two problems led to the development of Idroid. It’s built specifically for Android apps and delivers better performance than conventional SAST methods. All of the OWASP Mobile Top 10 vulnerabilities are covered, as well as other vulnerabilities chosen by the team.

 

Setting up testing for your Android App

Idroid will test your Android apps 24/7. It’ll check for new versions and launch new tests immediately, with any findings being added to your Portal.

To get started, follow these steps:

  • Reach out to our Support team through the Portal to activate Idroid in your account.
  • Once it’s activated, add your Android app to the Assets page. You’ll need your Android package name for this.
  • Once that’s done, Idroid will begin testing your app.

And that’s it! Stay tuned for the upgrades we’ll be releasing to Idroid in the near future.

Stay secure!