Mobile application security evaluation

Introduction
Function
Advantage
Scene

Introduction

The mobile application evaluation system is developed by Manxi Technology, which draws on the advantages of peer products and combines with market regulatory needs. It adopts static code, resource, data scanning and detection, runtime data mining, runtime content detection, and other technologies, in accordance with evaluation requirements such as 'Network Security Level Protection Requirements', 'China Financial Mobile Payment Client Technical Specifications', and 'Mobile Internet Application Software Security Evaluation Outline', It can detect security vulnerabilities and non compliances in mobile applications, and address serious issues such as permission abuse, illegal information collection, and information leakage. In combination with current relevant laws, regulations, and regulatory requirements, it provides administrative law enforcement basis for regulatory agencies, evaluation agencies, and others. At the same time, it can also locate vulnerability information for app enterprises and provide professional repair suggestions.

Function

Decompile

Support decompilation analysis of Dex, odex, apk, oat, jar, class, aar files in Android applications;
Multi Dex Decompiling

Support multi dex decompilation of Android applications, and use DEX virtual fusion technology to make decompilation faster;
One bond shelling

Support device memory dump, which can be used for shelling and Dex automatic decryption;
Equipment service

The platform supports the real machine operation mode, and can simulate debugging, cracking, injection and other attacks on applications with one click;
Executable decompilation

Support decompilation of SO, Bin, ELF and other executable files, and identify the self-protection capability of code reverse engineering prevention;
Custom detection policy

User defined detection strategies are supported, which can focus on the detection items that users care about;
API interface

Support API interface call, facilitate enterprise independent access;
Custom Report Template

Support enterprises to customize report templates, and modify risk levels, solutions, report styles, etc. of detected items in reports;

Advantage

优势	详情
Reverse engine	The system has DeX, elf, so, binary file reverse engine, dynamic debugging engine, disassembly engine, JavaScript parsing engine, which can carry out reinforcement strength test on reinforced applications and conduct comprehensive security evaluation on applications, so as to improve the data supporting evaluation.
Basic data support	The system collects all aspects of data. The system has a large number of third-party SDK lists, offline IP location libraries, offline proxy IP location libraries, offline IPV6 location libraries, offline proxy IPV6 location libraries, and refined permission data lists, which makes the data in the evaluation report more accurate and detailed.
In depth standard interpretation	Through in-depth interpretation of national laws, regulations and industry standards, evaluation items are formulated according to the relevant standards and requirements of each mobile application, so that each evaluation point has rules to follow.
Open evaluation process	In the professional report issued, each evaluation point will describe the evaluation process in detail, so that readers can reproduce and exclude according to the process, and include corresponding solutions, so that readers can make effective and low-cost rectification. No manual operation saves costs.
Fully automatic one button operation	It does not require the participation of professional security technicians, greatly reduces the labor cost and technology learning cost, and the evaluation report is authentic and reliable. The application evaluation time is short, so the application security evaluation results can be obtained immediately, saving the waiting time, and realizing the rapid discovery and repair of application problems.
Protect customer data privacy	Support local separate deployment, effectively isolate user application information and evaluation results, and protect enterprise data privacy and security.

Scene

Supervision/testing functional organization

National regulators, testing institutions, application safety assessment units, regulatory units of various industries, relevant government departments, etc.
Regulated/constrained units

Regulated units, objects designated for verification by relevant policies, such as banks, mutual funds and securities.
Enterprise application security internal demand

Enterprise units with multiple departments and branches, and most of them have special security testing departments. Such as electric power, petroleum, social security bureau, tax bureau, operator, etc.
App contains sensitive information business

If the business of enterprise apps involves user sensitive information, transaction information and other content, they tend to pay more attention to the data security of apps, the existence of high-risk vulnerabilities and other situations, such as financial, hotel, government, transportation and so on.