Checks aligned to the OWASP MASVS / Mobile Top 10: insecure storage, transport security, secrets, platform interaction, and reverse-engineering resilience.
53 checks
How the app stores sensitive data at rest on the device — preferences, databases, files, backups, logs, clipboard, and the platform key stores.
How the app protects data in transit — TLS configuration, certificate validation, pinning, and resistance to traffic interception.
Local and remote authentication, session handling, biometric/local auth, and the correctness of cryptographic primitives used by the app.
How the app interacts with the OS and other apps — IPC, exported components, deep links, and embedded WebViews.
Resistance to reverse engineering and tampering, and protection of secrets embedded in the app package.