Checks
Our MATRIX solution runs a specialized set of automated security checks on the device. These checks are designed to identify security issues in the app, such as insecure data storage, insecure network communication, insecure authentication and more.
Specifically, we have implemented checks for iOS and Android across 7 categories: Authentication, Code, Cryptography, Network, Platform, Storage and Resilience. Each of these checks is designed to identify a specific security issue in the app in accordance with the Mobile OWASP Checklist.
Android Checks
The following checks are run on Android devices:
Category | Check Name |
---|---|
Authentication | Insecure Biometric Implementation |
Code | Insecure Joda Library |
Code | Insecure libjpeg-turbo Library Version |
Code | Insecure libpng Library Version |
Code | Insecure OkHTTP Library Version |
Code | MinSDK Targets Vulnerable Android Versions |
Code | Application Utilizes Stack Canaries |
Code | Safe Browsing Not Enabled in WebViews |
Code | Application Utilizes Position Independent Code |
Crypto | Application Contains Hardcoded API Keys |
Crypto | Application Utilizing Insecure Cryptography |
Crypto | Application Utilizing Insecure Symmetric Encryption Modes |
Crypto | Application Contains Hardcoded SQLCipher Key |
Crypto | Insecure Random Number Generation |
Network | Application Allows Insecure Network Connections |
Network | Application Contains Change Cipher Spec Injection Vulnerable OpenSSL Version |
Network | Application Contains HeartBleed Vulnerable OpenSSL Version |
Network | Application Contains Insecure HTTP Traffic |
Network | Application Target SDK Allows for Insecure Network Configuration |
Network | Application VPN Opts out of Always-On Feature |
Network | HTTP Cleartext Transmission of Bluetooth MAC Address |
Network | HTTP Cleartext Transmission of Build Fingerprint |
Network | HTTP Cleartext Transmission of Device Android ID |
Network | HTTP Cleartext Transmission of Device IMEI |
Network | HTTP Cleartext Transmission of DNS Address |
Network | HTTP Cleartext Transmission of GPS Latitude Coordinates |
Network | HTTP Cleartext Transmission of GPS Longitude Coordinates |
Network | HTTP Cleartext Transmission of Sensitive Data |
Network | HTTP Cleartext Transmission of WiFi MAC Address |
Network | HTTPS Traffic URL Contains WiFi MAC Address |
Network | HTTPS Traffic URL Contains Device IMEI |
Network | HTTPS Traffic URL Contains Device's GPS Longitude |
Network | HTTPS Traffic URL Contains Device's GPS Latitude |
Network | HTTPS Traffic URL Contains Sensitive Data |
Network | HTTPS Traffic URL Contains DNS Address |
Network | HTTPS Traffic URL Contains Build Fingerprint |
Network | HTTPS Traffic URL Contains Bluetooth MAC Address |
Network | HTTPS Traffic URL Contains Android ID |
Network | Insecure Security Provider |
Network | Insecure TLS Configuration |
Network | Cookie missing 'Secure' flag |
Network | Cookie missing 'HttpOnly' flag |
Network | Application Utilizes Certificate Pinning Protections |
Network | Application Utilizes Certificate Validation |
Platform | Application Manifest Contains Unverified Web Links |
Platform | Application Utilizes Broadcast Receivers Without Permissions |
Platform | Application Utilizes Potentially Dangerous Permissions |
Platform | Application Contains Debuggable Webviews |
Platform | Application Utilizes Insecure JavaScript Interface |
Platform | Application Contains WebViews with JavaScript Enabled |
Platform | Application is Vulnerable to Task Hijacking |
Resilience | Application Contains Debug Library |
Resilience | Application Enables Debugging within the Android Manifest |
Resilience | Janus Exploitation Possible Due to Current Minimum SDK |
Resilience | Application Utilizes a Weak Signing Key |
Resilience | Application Utilizes a Weak Signing Scheme |
Storage | Local Data Exposure: Android ID Stored Insecurely |
Storage | Local Data Exposure: Application Backups Enabled |
Storage | Local Data Exposure: Bluetooth MAC Address Logged Insecurely |
Storage | Local Data Exposure: Bluetooth MAC Address Stored Insecurely |
Storage | Local Data Exposure: Device Fingerprint Logged Insecurely |
Storage | Local Data Exposure: Device IMEI Logged Insecurely |
Storage | Local Data Exposure: Device IMEI Stored Insecurely |
Storage | Local Data Exposure: DNS Address Logged Insecurely |
Storage | Local Data Exposure: DNS Address Stored Insecurely |
Storage | Local Data Exposure: Global Read Permissions |
Storage | Local Data Exposure: Global Write Permissions |
Storage | Local Data Exposure: GPS Latitude Logged Insecurely |
Storage | Local Data Exposure: GPS Latitude Stored Insecurely |
Storage | Local Data Exposure: GPS Longitude Logged Insecurely |
Storage | Local Data Exposure: GPS Longitude Stored Insecurely |
Storage | Local Data Exposure: Insecure Hardcoded API Keys |
Storage | Local Data Exposure: Insecure Hardcoded Passwords |
Storage | Local Data Exposure: Sensitive Values Logged Insecurely |
Storage | Local Data Exposure: Sensitive Values Stored Insecurely |
Storage | Local Data Exposure: Sensitive Values Stored Insecurely in Memory |
Storage | Local Data Exposure: WiFi IP Address Logged Insecurely |
Storage | Local Data Exposure: WiFi IP Address Stored Insecurely |
Storage | Local Data Exposure: WiFi MAC Address Logged Insecurely |
Storage | Local Data Exposure: WiFi MAC Address Stored Insecurely |
iOS Checks
The following checks are run on iOS devices:
Category | Check Name |
---|---|
Authentication | Biometric Bypass Possible |
Code | Application Uses Custom URL Schemes |
Code | Application Utilizes PIC Binary Protections |
Code | Application Utilizes Stack Smashing Protections |
Code | Application Utilizes a Deprecated API |
Code | Application Utilizes Insecure Serialization API |
Code | Application Utilizes an Insecure Nanopb Library |
Code | Application Utilizes ARC Binary Protections |
Code | Insecure API Usage in Binary |
Code | Usage of malloc Instead of calloc in Binary |
Crypto | Application Encodes Data Using Insecure Cryptography |
Crypto | Application Utilizes Insecure Cryptography |
Crypto | PBKDF2 Iteration Count <10k |
Network | App Transport Security (ATS) Disabled |
Network | Application Contains Insecure HTTP Traffic |
Network | HTTP Cleartext Transmission of Device IMEI |
Network | HTTP Cleartext Transmission of GPS Latitude Coordinates |
Network | HTTP Cleartext Transmission of GPS Longitude Coordinates |
Network | HTTP Cleartext Transmission of Sensitive Data |
Network | HTTP Cleartext Transmission of WiFi MAC Address |
Network | App Transport Security (ATS) Selectively Disabled |
Network | HTTPS Traffic URL Contains Device's GPS Longitude |
Network | HTTPS Traffic URL Contains Device's GPS Latitude |
Network | HTTPS Traffic URL Contains WiFi MAC Address |
Network | HTTPS Traffic URL Contains Device IMEI |
Network | HTTPS Traffic URL Contains Sensitive Data |
Network | Cookie missing 'Secure' flag |
Network | Cookie missing 'HttpOnly' flag |
Network | HTTP Cleartext Transmission of Advertiser ID |
Network | Application Utilizes Certificate Pinning Protections |
Network | Insecure TLS configuration |
Network | Application Contains Change Cipher Spec Injection Vulnerable OpenSSL Version |
Network | Application Contains Heartbleed Vulnerable OpenSSL Version |
Platform | Application Utilizes Potentially Dangerous Permissions |
Platform | Potentially Insecure iOS Entitlements |
Resilience | Components Contain Debug Symbols |
Storage | Local Data Exposure: Sensitive Values Stored in Memory |
Storage | Local Data Exposure: Device IMEI Logged Insecurely |
Storage | Local Data Exposure: Device IMEI Stored Insecurely |
Storage | Local Data Exposure: Global Write Permissions |
Storage | Local Data Exposure: GPS Latitude Logged Insecurely |
Storage | Local Data Exposure: GPS Latitude Stored Insecurely |
Storage | Local Data Exposure: GPS Longitude Logged Insecurely |
Storage | Local Data Exposure: GPS Longitude Stored Insecurely |
Storage | Local Data Exposure: Insecure Hardcoded API Keys |
Storage | Local Data Exposure: Insecure Hardcoded Passwords |
Storage | Local Data Exposure: Sensitive Data Logged Insecurely |
Storage | Local Data Exposure: Sensitive Values Stored Insecurely |
Storage | Local Data Exposure: WiFi IP Address Stored Insecurely |
Storage | Local Data Exposure: WiFi MAC Address Logged Insecurely |
Storage | Local Data Exposure: WiFi MAC Address Stored Insecurely |
Storage | Local Data Exposure: Advertiser ID Stored Insecurely |
Storage | Local Data Exposure: Advertiser ID Logged Insecurely |
Storage | Application Utilizes Deprecated Keychain Attributes |
Storage | Sensitive Values Stored Insecurely within NSUserDefaults |
Storage | Sensitive Data Exposed Through Device Keyboard Cache |