Mobile Application Security Verification Standard Archives - 7ASecurity Blog https://7asecurity.com/blog/ Helping you secure apps and websites Fri, 25 Apr 2025 12:32:33 +0000 en-US hourly 1 https://7asecurity.com/blog/contents/uploads/2019/06/favicon.ico Mobile Application Security Verification Standard Archives - 7ASecurity Blog https://7asecurity.com/blog/ 32 32 7ASecurity Completes Bridgefy Audit https://7asecurity.com/blog/2023/07/bridgefy-audit/ Mon, 31 Jul 2023 11:04:27 +0000 7ASecurity worked with Bridgefy to complete a whitebox pentest of the mobile app, SDK, cloud infrastructure, and privacy to help improve Bridgefy’s overall security posture. What is Bridgefy? Bridgefy, a popular mobile messaging app, allows you to send offline messages by leveraging Bluetooth technology. This app aims to provide secure messaging when infrastructure is not …

The post 7ASecurity Completes Bridgefy Audit appeared first on 7ASecurity Blog.

]]> 7ASecurity Completes ArgoVPN Audit https://7asecurity.com/blog/2023/07/argovpn-audit/ Fri, 28 Jul 2023 09:21:57 +0000 This blog post summarizes a whitebox security review conducted by 7ASecurity against the ArgoVPN platform. What is ArgoVPN? ArgoVPN is a free VPN with an unlimited bandwidth that is developed for Android devices. It allows users to visit blocked websites, online services, social media and messaging apps. The developers designed ArgoVPN to meet the needs …

The post 7ASecurity Completes ArgoVPN Audit appeared first on 7ASecurity Blog.

]]> Hacking Mandated Apps – Part 8: Password Leak via API! [ MSTG-AUTH-1 ] https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-8-password-leak-via-api-mstg-auth-1/ Wed, 11 Sep 2019 03:14:19 +0000 Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ] Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ] The OWASP Mobile Application Security Verification …

The post Hacking Mandated Apps – Part 8: Password Leak via API! [ MSTG-AUTH-1 ] appeared first on 7ASecurity Blog.

]]> Hacking Mandated Apps – Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ] https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-7-aes-crypto-fail-mstg-crypto-1/ Mon, 09 Sep 2019 03:27:21 +0000 Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog …

The post Hacking Mandated Apps – Part 7: AES Crypto FAIL [ MSTG-CRYPTO-1 ] appeared first on 7ASecurity Blog.

]]> Hacking Mandated Apps – Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ] https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-6-xor-crypto-fail-mstg-crypto-1/ Fri, 06 Sep 2019 01:40:27 +0000 Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under sectionV3: Cryptography Requirements, as follows: MSTG-CRYPTO-1: …

The post Hacking Mandated Apps – Part 6: XOR Crypto FAIL [ MSTG-CRYPTO-1 ] appeared first on 7ASecurity Blog.

]]> Hacking Mandated Apps – Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-5-rce-in-webview-mstg-platform-7/ Thu, 05 Sep 2019 00:51:55 +0000 Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V6: Platform Interaction Requirements, as follows: MSTG‑PLATFORM‑7: If native methods of the app …

The post Hacking Mandated Apps – Part 5: RCE in WebView [ MSTG-PLATFORM-7 ] appeared first on 7ASecurity Blog.

]]> Hacking Mandated Apps – Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] https://7asecurity.com/blog/2019/09/hacking-mandated-apps-part-4-how-not-to-implement-ssl/ Wed, 04 Sep 2019 01:14:00 +0000 Part 1: Intro Part 2: Translating APKs Part 3: What is SSL? [ MSTG‑NETWORK‑1 ] The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG‑NETWORK‑2: The TLS settings are in line with current best practices, or as close as possible if …

The post Hacking Mandated Apps – Part 4: How NOT to implement SSL [ MSTG‑NETWORK‑2 ] appeared first on 7ASecurity Blog.

]]> Hacking Mandated Apps – Part 3: What is SSL? [ MSTG-NETWORK-1 ] https://7asecurity.com/blog/2019/09/hacking-government-mandated-apps-part-3-what-is-ssl/ Tue, 03 Sep 2019 00:19:16 +0000 Previous blog posts you might have missed and maybe you would like to read first for background: Part 1: Intro Part 2: Translating APKs The OWASP Mobile Application Security Verification Standard classifies the flaw explained in this blog post, under section V5: Network Communication Requirements, as follows: MSTG-NETWORK-1: Data is encrypted on the network using …

The post Hacking Mandated Apps – Part 3: What is SSL? [ MSTG-NETWORK-1 ] appeared first on 7ASecurity Blog.

]]>