Mobile application audit

The risks associated with mobile apps are similar to those of web apps. Beyond technical vulnerabilities, the point is to identify problems related to data flow and permissions.


Mobile applications security audit services (Android + iOS)

The proliferation of smartphones has created an alarming scenario because of the rapid growth of mobile applications. Cyber criminals may easily obtain credentials to gain access and steal critical data or private information across networks.

Our approach to Mobile app security

The massive use of wireless technologies makes mobile devices one of the main targets of cyber attackers. Mobile applications are used for personal purposes but may also be connected with your business, compromising your organization's safety if you leave any gap unprotected.

Nowadays, the news is full of stories about cyber attacks and vulnerabilities. All developers should secure their apps efficiently before launching them. Start auditing your mobile app now to prevent incidents and public security breaches that could damage your company's reputation.

Risks of not securing your mobile App

Judgments, legal costs and regulatory penalties

Compromise of sensitive personal and business data

Damage from loss of reputation

Economic losses by fraud

Why do you need to audit your App?

If your company offers services that customers access over the internet through an app, you have to be concerned about it and make sure that security is ensured. Whenever someone develops a mobile app, security is put aside, and 52% of the time it is forgotten because of lack of time.

But keeping a mobile application safe is a priority for any business, and it should be covered in the early stages of development. Building a secure app and shielding your server to mitigate the risks of a data breach as much as possible should be a main concern for any organization.

Auditing mobile applications is necessary to protect the privacy and guarantee the confidentiality of the data managed by the mobile app and by connected third-party tools. At Puffin Security we offer comprehensive mobile application audit services covering all the existing platforms: Android, iOS, Windows Phone…

Goals of periodic mobile audits

Due to the sensitive information apps can handle and the resources they access, it is necessary to perform a security audit periodically. Our experienced auditors and penetration testers can help you protect your mobile app efficiently.

Identify vulnerabilities and potential security breaches

Analyze your website security status as seen by potential attackers

Determine the real business risks for all the players of your company

Benefits of mobile app auditing

With a mobile security audit we can find vulnerabilities in applications and servers before attackers do, reducing the risk of data loss.

Early Stage Detection

Mitigate risks by detecting and remediating security vulnerabilities. Even better if you ask us for an audit during the software development life cycle.

Boost security

Increase end user confidence and company reputation by boosting your defences and meeting the highest security standards.

Reveal vulnerabilities

Bring to light gaps that an attacker could exploit to gain access to your environment and systems, and reduce the risk of compliance penalties.

Advantages of Puffin services

Why work with Puffin

The cyber security consultants at Puffin Security will examine your mobile app to locate any important security gaps, reviewing your code architecture and completing a final report with all the vulnerabilities found.

Effectiveness and efficiency

Commitment to results. We use methodologies that uphold our quality policy (ISO 9001) and achieve an optimal compromise, prioritizing response time and speed of execution.

Tailored approach service

We adapt tests and rules of engagement to uncover unique vulnerabilities, offering flexible services at adequate prices.

Expert execution

Performed by elite security testing consultants, on-site or remotely. We have accredited experience with security projects in complex organizations, providing knowledge in three areas: organizational, legal and technical.

A multilayered defense in depth

A multilayered review of the defenses of management, risk management and internal audit, to ensure that cyber security controls are well designed to protect information assets and are operating effectively.

Compliance with ethical codes

Compliance with audit standards and ethical codes (ISACA Code of Ethics, ISSA ethical code, OSSTMM Rules of Engagement), in addition to the standards referenced in the audit methodology.


Mobile app audit methodology

When performing a mobile audit we also rely on the OWASP methodology. However, a mobile app review is much broader than a web application review, because the app constantly requests and sends information to a server on the internet, and some of the data is also stored on the phone. We use highly efficient tools and methodologies to evaluate and identify security problems in mobile applications. Our tests are based on industry standards such as OWASP, WASC and OSSTMM, on business logic tests, and on scoring systems based on CVSS.

To perform these kinds of tests we rely on a wide range of tools, depending on the characteristics of the mobile application. Besides the methodologies above, for the communications of the app we also use Burp Suite (as in the web app audit service). All the processes carried out automatically by these tools must be analyzed manually by our consultants to avoid false positives. Once all the information is analyzed, our staff will prepare the final report with reliable and concrete information.

Phases of the Audit Process

Analysis of the communications security

Detection of unsafely stored data

Detection of weak or unsafe authentication

Analysis of the cryptography and identification of unsafe ciphers

Review of third-party library versions and security

Search for unexpected features in the app logic


Documentation Deliverables

Once all of this is complete you will receive a final, tailored report with detailed information about all the tests and results of the mobile application security audit. In this document you will find everything you need to know to mitigate the vulnerabilities and weaknesses found, including specific details about how to fix the gaps, customized for your language and platform.

Prioritize Controls and Mitigate Risk
$600 billion is the amount that cyber crime costs the world a year.

Interested in auditing?

Discover all our types of cyber security audit for testing your security plan and all the gaps that can lead to a data breach.

Around 98% of the apps that have been tested are vulnerable to cyber attack.

At Puffin Security we dig deep into your organization, beyond technology. We consider structures, processes, strategy and people, analysing security within the context of your business.
