Usage in the UI
One way to use our MATRIX solution is through the Corellium UI.
Create a Device
To get started, go to the Devices page and click “Create device”. Then choose a project under which to house the device.
For this example, we'll use an iPhone 15 Pro Max.
Select the OS version you'd like to use. For this example, we'll use iOS 17.5.
On Android, you need to manually adjust the device to use 4 cores. During the creation process, select the "Set advanced boot options" checkbox to adjust the number of CPU cores on the Android device before running the tests. This adjustment is only needed when using MATRIX through the UI.
Then, click "Create device" and wait for the device to boot up. This should take a few minutes.
Create a Test
Once the device is ready, close the creation dialog and click the "MATRIX" tab on the left.
From here, install an application by clicking the "Install new app" button, or find an existing one in your list of installed applications. Then, select the application you want to test from the list.
You can also optionally upload a "keywords" text file. This is a newline-separated list of case-sensitive keywords that will be used to search for vulnerabilities in the application. This could include things like known credentials, API keys, or other sensitive information. To specify regular expressions (regexes) in your keywords .txt file, wrap them in regex(/.../). For instance, to find all credit card numbers that start with “1234,” create a new line in the .txt file that says regex(/^1234/).
Please review our Known Issues MATRIX page for more information on whether your iOS device supports regex.
Once you're ready, scroll back up and click "Create test".
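A pre-upload check for the keywords file described above, as an added example that is not Corellium's code. It assumes Python's re module is a reasonable stand-in for the regex engine MATRIX uses and that literal keywords match as case-sensitive substrings; the function names and all sample values are constructed for illustration.

```python
import re

# The regex(/.../) wrapper from the page; any other line is a literal keyword.
WRAPPER = re.compile(r"^regex\(/(.*)/\)$")

def parse_keywords(text):
    """Return (entries, problems) for the contents of a keywords .txt file.
    entries: (line_no, kind, value); problems: (line_no, message)."""
    entries, problems = [], []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines carry no keyword
        if line != raw:
            # Assumption: stray whitespace may be treated as part of the keyword.
            problems.append((no, "leading/trailing whitespace"))
        m = WRAPPER.match(line)
        if m:
            try:
                re.compile(m.group(1))  # assumption: Python re as stand-in engine
                entries.append((no, "regex", m.group(1)))
            except re.error as exc:
                problems.append((no, f"regex does not compile: {exc}"))
        elif line.startswith("regex("):
            problems.append((no, "malformed regex(/.../) wrapper"))
        else:
            entries.append((no, "literal", line))
    return entries, problems

def preview(entries, samples):
    """Map each sample string to the keyword lines that would flag it."""
    hits = {}
    for s in samples:
        lines = [no for no, kind, val in entries
                 if (kind == "regex" and re.search(val, s))
                 or (kind == "literal" and val in s)]  # `in` is case sensitive
        if lines:
            hits[s] = lines
    return hits

# Constructed keywords file and constructed captured strings (no real secrets).
SAMPLE_FILE = ("testuser@example.com\nEXAMPLE_API_KEY_0000\n"
               "regex(/^1234/)\nregex(/^1234/\nregex(/(unclosed/)\n")
SAMPLES = ["1234567890123456", "login=testuser@example.com",
           "login=TESTUSER@EXAMPLE.COM"]

if __name__ == "__main__":
    entries, problems = parse_keywords(SAMPLE_FILE)
    print(problems, preview(entries, SAMPLES))
```

The upper-case login string produces no hit, which is the case-sensitivity behaviour to keep in mind when listing known credentials.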
Monitor and Collect Data
Once you've created your test, begin collecting data from your virtual device by clicking "Start monitoring".
While monitoring is in progress, perform all the desired interactions with the application. When you've finished, click the "Stop monitoring" button to stop collecting data.
Run the Test
Once the monitoring is complete, you'll be able to run the test, which includes the checks. Click the "Run test" button to begin.
The test and its checks will run automatically. Once complete, you'll be able to view the results.
View the Results
Finally, you can view your report! In our UI, the report will be broken down into two key areas: the Results and the Details. Results will give you an overview of the app, device, and report itself, as well as a high-level overview of how many tasks passed, failed, or errored. Details will give you a detailed breakdown of the security issues identified by the checks.
Alternatively, you can download the report as a JSON or HTML file. You can learn more about these formats on the Reporting page.
Scroll down to see the results of each check. You can filter the results by severity or test status, and click the chevrons to open and close the results.
In a future version of MATRIX, we intend to allow you to customize the status and severity of a check’s results to allow you to identify false positives, or tailor the results to your organization's security profile.
Viewing the Artifacts
You can view the artifacts generated by the test by clicking the "Artifacts" tab. You can learn more about these formats on the Artifacts page.
History and Retesting
You can view the results of your historical MATRIX tests and retest apps as needed. The MATRIX test history can be viewed whether the device is on or off. Click the "View History" button to view your previously run tests. For more details, visit the History page.