We carry our lives around on our phones.
You hear it all the time and it's true. But as "bring your own device" becomes the norm in private enterprise and government, we're increasingly toting more than just our own lives. Through enterprise mobility apps we're carrying around access to company networks, proprietary data, sensitive customer information, and more.
With that kind of accessibility, a single compromised device could mean severe consequences for organizations and the lives of their customers and employees. If you're charged with developing, integrating, or maintaining mobile apps, you had better be certain that they're secure.
That’s why Booz Allen created AppCritique, to make it easier to thoroughly vet Android and iOS mobile apps for security vulnerabilities.
Today’s enterprise mobile app developers have their hands full. The mobile development ecosystem evolves at a rapid pace—far faster than the PC software world. Android and iOS software application program interfaces (APIs) change on a 9-month basis. Keeping apps updated with these latest features along with security fixes from Google and Apple is beyond a full-time job. Simultaneously maintaining full awareness of known vulnerabilities and threat actor’s evolving tools, techniques, and procedures is a juggling act that’s next to impossible.
AppCritique’s free, fully-automated mobile app vulnerability analysis service puts uploaded apps through dozens of checks, including for some of the latest detectable vulnerabilities. By providing detailed security reports within hours or even minutes, it frees app developers to better concentrate on delivering in-demand features and capabilities that take full advantage of iOS and Android’s latest functionality.
Booz Allen's Corey Garst and Chris Forant lead the project team that developed AppCritique. Corey is an expert in mobile security research and analysis, while Chris is an app developer and cybersecurity expert who works with our U.S. intelligence community clients.
“Some of Booz Allen’s best app developers, malware analysts, and penetration testers created AppCritique. We designed this unique tool to generate the most comprehensive mobile app security reports possible,” says Corey. “Our engine is built for flexibility, so we often add security checks based on evolving platform documentation, emerging appsec research, and industry awareness publications like the Open Web Application Security Project Top 10.”