1. Client-side risks
- Insecure local storage of sensitive data.
- Weak certificate pinning and transport security.
- Missing root/jailbreak detection and tamper protection.
2. Server-side risks
The most impactful issues are in the APIs behind the app: authorisation, authentication and business logic. Test them as rigorously as the app.
3. Standards
We align to the OWASP MASVS and MASTG for verification and testing coverage.
How CyberSigma helps
We test your Android/iOS apps and their APIs against OWASP MASVS — the full mobile attack surface, not just the app binary.
This guide is educational and not legal advice. Requirements evolve — validate specifics against the current standard or regulation for your situation.
