Skip to content
VigilGuard Logo VigilGuard
Contact Us
EASM Platform VendorGuard ITRM Platform

Mobile Architecture

Mobile Architecture

Section titled “Mobile Architecture”

5 automated security scanners

Backend API Exposure

Section titled “Backend API Exposure”

Purpose: The Backend API Exposure Scanner is designed to identify and report potential vulnerabilities in backend APIs used by mobile applications. It focuses on detecting mobile-specific endpoints, authentication bypass issues, excessive permissions, inadequate security headers, and TLS/SSL configuration weaknesses that could compromise the security of mobile apps.

What It Detects:

  • Mobile-Specific Endpoints: The scanner identifies API endpoints tailored for mobile use, such as /api/v1/mobile, which might indicate a direct exposure to sensitive data or operations not intended for web access.
  • Authentication Bypass Vulnerabilities: Patterns like ?token=, ?apikey=, and default credentials in URLs are flagged as potential security flaws that could allow unauthorized access.
  • Excessive Permissions: The scanner checks for permissions granted to mobile apps that might not require such extensive access, potentially leading to data leakage or misuse.
  • Security Headers Analysis: It evaluates the presence and correctness of critical security headers like Strict-Transport-Security, which helps in preventing attacks like MITM (Man-in-the-Middle), and other headers aimed at enhancing web application security.
  • TLS/SSL Inspection: Weak cipher suites, outdated protocol versions (like TLSv1.0 and TLSv1.1), and improper SSL configurations are flagged to ensure that the API communication is encrypted and secure.

Inputs Required:

  • domain (string): The primary domain of the backend API, which helps in identifying endpoints relevant to mobile access.
  • app_identifier (string): A unique identifier for the mobile application, used to contextualize the scan within its specific environment.

Business Impact: Identifying and addressing vulnerabilities identified by this scanner is crucial as it directly impacts the security of sensitive data handled by mobile applications. Proper API exposure management ensures that only authorized access points are available, reducing the risk of data breaches and unauthorized use.

Risk Levels:

  • Critical: Vulnerabilities leading to complete authentication bypass or direct exposure of sensitive information without any protection.
  • High: Issues in security headers or TLS configurations that significantly weaken encryption standards used for API communications.
  • Medium: Presence of mobile-specific endpoints and excessive permissions, which might lead to unintended data access but are not as critical as the above issues.
  • Low: Minor deviations in security header settings or outdated but still secure versions of protocols like TLSv1.2.
  • Info: Informal findings related to minor misalignments in API documentation or non-critical protocol compliance that do not directly impact security significantly.

Example Findings:

  • A mobile application endpoint /api/v1/mobile is detected, which might indicate a lack of proper segregation between web and mobile access points.
  • Detection of default credentials in the login URL could lead to unauthorized API usage without explicit user consent or authentication mechanisms.
  • Excessive permissions granted to the mobile app for accessing sensitive data endpoints suggest inadequate authorization checks that can be exploited by malicious actors.

Push Notification Security

Section titled “Push Notification Security”

Purpose: The Push Notification Security Scanner is designed to identify and assess potential vulnerabilities in push notification systems, focusing on preventing hijacking, interception, and token security flaws. It evaluates DNS records, HTTP headers, TLS configurations, and socket connections to ensure secure handling of push notifications.

What It Detects:

  • Notification Hijacking Indicators: The scanner checks for unauthorized access points in DNS records and verifies the presence of SPF, DMARC, and DKIM records to prevent spoofing.
  • Message Interception Vulnerabilities: It analyzes HTTP security headers for proper encryption and content protection and inspects TLS/SSL certificates and cipher suites for outdated or insecure configurations.
  • Token Security Flaws: The scanner evaluates the strength of tokens used in push notifications and detects weak or predictable token generation patterns.
  • DNS Configuration Issues: It validates TXT, MX, NS, CAA, and DMARC records to ensure proper domain configuration, identifying misconfigurations that could lead to notification interception.
  • Socket Connection Vulnerabilities: The scanner performs port scanning to identify open ports that may be exploited and conducts service fingerprinting to detect outdated or vulnerable services.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • app_identifier (string): Application identifier for token analysis (e.g., “com.acme.app”)

Business Impact: Ensuring secure push notification handling is crucial for maintaining trust and protecting sensitive information in mobile applications. This scanner helps organizations identify and mitigate risks associated with notification hijacking, interception, and token security vulnerabilities, which could lead to unauthorized access, data breaches, and loss of user trust.

Risk Levels:

  • Critical: Findings that indicate immediate attention are critical (e.g., presence of unverified DNS records or insecure TLS configurations).
  • High: Issues that pose significant risk but may not be immediately exploitable (e.g., outdated cipher suites or weak token generation mechanisms).
  • Medium: Vulnerabilities that require remediation within a reasonable timeframe, typically involving some compromise but with limited impact (e.g., unenforced content security policies).
  • Low: Informative findings that do not directly affect security but can be useful for continuous improvement (e.g., presence of deprecated services on open ports).
  • Info: General information about the environment and configurations, which does not necessarily indicate a vulnerability or risk.

Example Findings:

  1. A domain has no SPF record, which could allow unauthorized entities to spoof emails from your domain.
  2. An application uses RC4 cipher suites in its TLS configuration, which is considered insecure for modern encryption standards.

App Sandbox Isolation

Section titled “App Sandbox Isolation”

Purpose: The App Sandbox Isolation Scanner is designed to detect potential vulnerabilities and improper configurations that could lead to container escape, data leakage between applications, and insecure use of shared storage. This tool aims to ensure mobile apps are properly isolated within their respective sandboxes, enhancing overall security posture.

What It Detects:

  • Container Escape Vulnerabilities: Identifies potential paths or methods that could allow an app to break out of its sandbox environment, including known vulnerabilities in the container runtime or underlying system libraries.
  • Data Leakage Between Applications: Scans for shared storage mechanisms that might expose data between different apps, detecting improper use of shared directories, databases, or other resources.
  • Shared Storage Misconfigurations: Examines shared storage configurations to ensure they are properly secured and not accessible by unauthorized apps, identifying misconfigured permissions or access controls on shared storage locations.
  • Security Headers Analysis: Analyzes HTTP security headers to ensure proper isolation and protection of app data, checking for the presence and correctness of essential headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS/SSL Inspection: Inspects TLS/SSL configurations to ensure secure communication channels between apps, detecting outdated or insecure protocols, cipher suites, and certificate issues.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • app_identifier (string): Unique identifier for the app (e.g., package name or bundle ID)

Business Impact: Ensuring proper sandbox isolation and secure configurations is crucial as it directly impacts data protection, application integrity, and overall system security. Misconfigurations can lead to unauthorized access, data leakage, and potential compromise of sensitive information, affecting both end-users and organizations significantly.

Risk Levels:

  • Critical: Conditions that pose a direct threat to the security and functionality of the app or its environment, requiring immediate attention and resolution.
  • High: Conditions that could lead to significant vulnerabilities or data breaches if not addressed promptly, impacting critical business processes.
  • Medium: Conditions that may lead to moderate risks such as increased exposure to potential threats or minor usability issues but do not compromise overall security significantly.
  • Low: Conditions that generally pose minimal risk and can be addressed at a later stage without immediate concern for security or functionality.
  • Info: Informative findings that provide insights into the app’s configuration but currently do not indicate significant risks.

If specific conditions for these risk levels are not detailed in the README, they have been inferred based on typical severity assessments for such tools.

Example Findings:

  • A mobile app is detected to be using an outdated TLS version that could be exploited by attackers.
  • Misconfigured permissions allow another app to read sensitive user data stored within the app’s sandboxed environment.
Section titled “Deep Link Validation”

Purpose: The Deep Link Validation Scanner is designed to ensure the security of deep links within mobile applications by detecting potential vulnerabilities such as URL scheme hijacking, intent redirection, and cross-app information leakage. This tool helps in maintaining secure communication channels between apps and external services through rigorous analysis of domain names, app identifiers, and network configurations.

What It Detects:

  • URL Scheme Hijacking: Identifies unauthorized applications that can intercept URLs intended for specific apps, exploiting predictable or easily guessable URL schemes.
  • Intent Redirection: Analyzes Android application intent filters to detect potential redirection to malicious activities, ensuring proper intent definition and data protection.
  • Cross-App Information Leakage: Examines deep links for sensitive information that could be leaked when navigating between apps, highlighting patterns of confidential data exposure.
  • Security Headers Analysis: Validates the implementation of security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options to identify missing or weak configurations that could be exploited by attackers.
  • TLS/SSL Inspection: Inspects SSL/TLS certificates for vulnerabilities including outdated protocols, weak cipher suites, and improper configuration, ensuring secure communication channels are established between the app and external services.

Inputs Required:

  • domain (string): The primary domain to analyze (e.g., acme.com). This is crucial for DNS queries, HTTP requests, and SSL/TLS certificate inspection.
  • app_identifier (string): The app identifier or package name (e.g., com.acme.app). This helps in identifying specific apps and their deep link configurations for detailed analysis.

Business Impact: Ensuring the security of deep links within mobile applications is paramount as it directly impacts data privacy, application integrity, and user trust. Vulnerabilities such as URL scheme hijacking can lead to unauthorized access to sensitive information, while cross-app leakage can expose confidential data to unintended parties. Security headers and TLS configurations are critical for establishing secure communication channels that protect against eavesdropping and tampering attacks.

Risk Levels:

  • Critical: Missing or improperly configured security headers can result in severe vulnerabilities allowing full network access without proper authentication, leading to potential data theft or system compromise.
  • High: Outdated TLS protocols or weak cipher suites can lead to the exposure of sensitive information through eavesdropping attacks, compromising user privacy and application trust.
  • Medium: Improper configuration of security headers might not directly expose critical vulnerabilities but still represents a significant risk as it does not meet industry best practices for secure communication.
  • Low: Informational findings regarding TLS configurations or missing headers are considered low severity unless they indicate potential future risks that could evolve into higher issues with changing threat landscapes.

Example Findings:

  • A deep link in an app redirects to a malicious site due to a predictable URL scheme, potentially leading to unauthorized data access and theft.
  • The Strict-Transport-Security header is missing from the server response, allowing for potential man-in-the-middle attacks that can expose user credentials during transmission.

Certificate Pinning Implementation

Section titled “Certificate Pinning Implementation”

Purpose: The Certificate Pinning Implementation Scanner is designed to identify potential bypass attempts and certificate validation issues in mobile applications by analyzing the implementation of certificate pinning. This ensures that the application only trusts specific certificates, mitigating risks from man-in-the-middle attacks.

What It Detects:

  • Pinning Bypass Detection: Identifies patterns indicating potential bypasses of certificate pinning mechanisms and checks for known vulnerabilities or misconfigurations in SSL/TLS implementations.
  • Certificate Validation Issues: Examines the validity and trustworthiness of certificates used by the application, detecting outdated, self-signed, or untrusted certificates.
  • Security Headers Analysis: Inspects HTTP security headers to ensure they are properly configured, looking for patterns like strict-transport-security, content-security-policy, x-frame-options, and x-content-type-options.
  • TLS/SSL Inspection: Analyzes the SSL/TLS configuration of the application’s endpoints, detecting weak cipher suites, outdated protocol versions (e.g., TLSv1.0, TLSv1.1), and insecure algorithms (e.g., RC4, DES, MD5).
  • DNS Record Validation: Validates DNS records to ensure they are correctly configured for security purposes, checking for patterns in TXT, MX, NS, CAA, and DMARC records.

Inputs Required:

  • domain (string): The domain of the application to scan (e.g., acme.com).
  • app_identifier (string): The unique identifier for the mobile application (e.g., com.acme.app).

Business Impact: Ensuring that applications correctly implement certificate pinning and configure security headers appropriately is crucial for maintaining a secure network environment. Misconfigurations can lead to unauthorized access, data leakage, and other severe consequences related to cybersecurity incidents.

Risk Levels:

  • Critical: Conditions where the scanner identifies clear bypass attempts or misconfigurations in SSL/TLS settings that significantly weaken application security.
  • High: Conditions where there are indications of potential bypasses or weak configurations that could be exploited by attackers.
  • Medium: Conditions where improvements in SSL/TLS settings or stronger configuration practices would enhance security but do not pose an immediate threat.
  • Low: Informal or inconsequential issues that, while worth addressing for improved security posture, do not significantly impact application security.
  • Info: Routine checks or configurations that provide minimal to no risk and are primarily informative.

Example Findings:

  1. The application fails to implement strict-transport-security headers, allowing for potential SSL/TLS downgrade attacks.
  2. A self-signed certificate is used in production, which poses a high security risk as it cannot be verified by third-party services.