We are refining an "in-app pen test" service that we may offer in some form in the future (for Android and iOS in general - not Xamarin-specific).
At this point in our service development effort, I am looking for an app built using Xamarin.Android as part of this process. Looking at sample apps won't cut it.
If you think you may have a candidate app and you would benefit from knowing what a skilled hacker can do to that app, please contact me directly [email protected]
Key considerations for you: NO COST TO YOU - and we will, of course, sign a mutual NDA.
Timing is another issue - I would like to settle on our app by EOB May 1. I've reached out to some of our clients and a few other communities as well, but the timing is tight and so I thought i'd give this forum a try as well. The good news is that you'd have results within a week's time._
What would be included with this provisional in-app pen test? Depending on the state of the app...
● Environmental resilience: Root and emulator detection and response.
● Anti-tamper detection and defense: Re-packaging prevention, binary and DEX integrity, and resource integrity.
● Reverse-engineering deterrents: Obfuscated executables (renaming, string encryption, control flow, ...)
● UI security: Screencast prevention, third party keyboards and accessibility services.
● Credentials Management: Encryption, KeyStore and device binding features.
To be clear - this is NOT a sales effort in any shape or form - and i expect that the resulting report will be of significant value to the app owner - even if your app is unbreakable and we have nothing to share - that will have some value too.