TunesKit Music Converter for Spotify Review – A No-Fuss Solution to Listening to Spotify Offline!
Last updated October 12, 2019
ImmuniWeb Mobile App Scanner Review – The Ultimate Solution for Finding App Vulnerabilities!
Last updated May 21, 2024
Being the most popular mobile platforms worldwide, Android and iOS still have their own security-related battles to fight. Being a hugely open platform, Android is prone to malware that can easily find its way to millions of devices via the Google Play Store. In 2017 alone, more than 5 million apps were found to contain malicious packages, according to Kaspersky Lab. This situation is a bit better with iOS, which is known for its rigorous approval process before apps get served on the App Store. Still, as Symantec finds, the rate of iOS malware appearing in the App Store has tripled in 2017. This is why you’ll be happy to know that there’s a service that tests Android and iOS apps for 13 different vulnerabilities and weaknesses. Welcome to our ImmuniWeb Mobile App Scanner review.
Before we start digging deeper into this online service, here are some basic information that you need to know.
Next, take a look at the following table that describes the biggest advantages of this service, as well as our final verdict. This might come in handy if you compare ImmuniWeb Mobile App Scanner with other similar services on the market.
Finally, let’s dive into the specifics of this interesting Web-based service. Keep on reading our full review.
ImmuniWeb Mobile App Scanner – The Specifics
We will be taking a look at this service starting at its Web interface, and then we’ll dive deeper by explaining what ImmuniWeb Mobile App Scanner can do and how to use it. So, let’s get started.
Platform Compatibility
Since this is a Web-based service, you can use it on pretty much all platforms. Being platform-agnostic, it reaches the highest level of platform/device compatibility. Our Score: 10/10.
To use ImmuniWeb Mobile App Scanner, all you need is a Web browser. This means that you can use it on any Web-connected device. There are two methods of submitting an app for testing. You can upload your mobile app or scan an existing app from the Google Play Store. Since iOS users need to upload their apps, this can be technically done on any device. However, MacOS seems to be the preferred platform if you want to test your app in the easiest way possible.
User Interface
This is a highly technical solution that digs deep into the code of your app. Still, the service is incredibly easy to use, even for non-developers. Our Score: 10/10.
After opening ImmuniWeb Mobile App Scanner in your browser, you’ll be greeted by a fairly simple interface. At the top of the page, you can find five tabs, with the ‘Main’ tab already open. By browsing through the available tabs, you can learn what this service can do, how to use it, check the pricing structure, and provide your feedback as well.
As you can imagine, the ‘Main’ tab is where all the action happens. At the top, you can submit your application. There’s an option that lets you hide your app from showing up among results on this page, and you can also opt for or out of malware scanning. For this purpose, ImmuniWeb Mobile App Scanner is relying on VirusTotal to scan apps for any malware-related abnormalities.
The rest of the ‘Main’ tab page gives helpful statistics and overviews of the previously tested apps. You can sort this list by checking out the highest or lowest scores first. Then, there’s a section that showcases apps with malware discovered. Finally, you can see two pie charts explaining the weakest aspects of all the scanned apps as well as a breakdown of encryption stats.
Features & Capabilities
Without any doubt, ImmuniWeb Mobile App Scanner is perhaps the most powerful online service for testing apps for vulnerabilities. Our Score: 10/10.
The most prominent feature of this service is the OWASP Mobile Top 10 testing. This includes ten groups of possible vulnerabilities: improper platform usage, insecure data storage, insecure communication, insecure authentication, insufficient cryptography, insecure authorization, client code quality, code tampering, reverse engineering, and extraneous functionality. As you can see, this is a very comprehensive test that digs deep into an application’s code.
To be able to submit your application, you need to make sure that your Android or iOS app is properly packaged. Here’s what you need to know about testing apps, based on a platform they come from.
- Android Applications: ImmuniWeb Mobile App Scanner works with native and hybrid (Cordova, PhoneGap, React, Xamarin) Android applications. You can either submit your application as a standalone APK file, or you can select an app that’s already on the Google Play store.
- iOS Applications: The service works with native and hybrid iOS apps. You will need to upload the IPA file properly compiled as a Simulator App in Xcode. Therefore, you need to have developer privileges to test iOS apps. ImmuniWeb Mobile App Scanner can’t scan iOS app found on the iOS App Store, so the only way is to upload IPA files.
Scanning & Analysis
The service digs pretty deep into submitted apps. The results pinpoint problematic areas exactly, which is a huge benefit. Our Score: 9.5/10.
To show you exactly how the ImmuniWeb Mobile App Scanner works, we’ll do a sample test. We are going to test WhatsApp for Android, which is one of the most popular apps on this platform. Here’s how the entire procedure went:
- We are going to test the latest version of WhatsApp Messenger, already found on the Google Play Store. Therefore, we will input ‘WhatsApp’ in the search field at the top of the page;
- After a few seconds, a detailed selection of results will appear. This is because ImmuniWeb has a comprehensive selection of tools that run in the background. Since WhatsApp is a popular app, it’s being often tested. In general, your APK or IPA files will need around 10 minutes to be fully scanned and tested.
- At the top of the page, we can see some basic information like the application’s name, version, ID, as well as when the test started and ended. There’s also a nice overview telling us that there are 2 highly dangerous vulnerabilities discovered. In total, WhatsApp has 23 problematic areas, 7 of which are low risk and 5 are medium risk.
- There are three tabs of results that you can review: Mobile Application Behavior, Mobile Application Audit, and Mobile Application Communications. The first one lists the application’s access to different parts of Android. For example, we can see that WhatsApp has the ability to access your microphone and record audio, contacts, storage, messaging, phone, camera, and location.
- Now, the most important part of this test is the second tab: Mobile Application Audit. In terms of WhatsApp, what’s problematic is that this app can access external storage, which can also be accessed by potentially dangerous apps. This brings a risk of data corruption and tampering. Also, the app contains potentially sensitive hardcoded data that can easily be extracted.
- The final tab provides a list of incoming and outgoing data sources and their safety. For WhatsApp, ImmuniWeb Mobile App Scanner revealed that a number of malicious websites have been found.
To get a complete image of your application’s safety, you also need to make sure that its backend doesn’t have any issues. However, this kind of testing isn’t available here. You need to sign up for ImmuniWeb Mobile (premium-priced) for this kind of testing.
Customer Support
If you wish to upgrade your experience or ask a question, you can rely on calling the company or sending an email. Our Score: 9/10.
ImmuniWeb is a suite of digital products made by a company named High-Tech Bridge, based in Geneva, Switzerland. Founded in 2007, the company is known for its breakthrough in AST technology. Today, High-Tech Bridge offers their cybersecurity services to Swiss financial institutions and international organizations. What this means is that they’ve developed a comprehensive support system that comes into play after you buy a product.
In case you have any questions prior to buying a product, you need to rely on the company’s email. There’s no live-chat or other kinds of support, which is understandable since this is an enterprise solution. Still, making sure that even small businesses can work with a reliable support system wouldn’t hurt.
Pricing
You can use the ImmuniWeb Mobile App Scanner free of charge. For a more comprehensive and continuous testing, the company offers a premium-priced option. Our Score: 9/10.
We are happy to say that the Mobile App Scanner can be used free of charge for individual and on-demand testing. However, there are two types of APIs that developers can use if they want continuous testing.
- Free API allows 20 requests in 3 minutes, and 50 requests in total per 24 hours per on IP address. Even though the testing will continue even after the limitation is exceeded, the results won’t be available unless you upgrade to a paid subscription.
- Unlimited API, as its name says, brings unlimited experience. Prices start at $200.00 per month and you need to contact the company for additional information.
The Verdict
All in all, ImmuniWeb Mobile App Scanner is the best service of its kind. It provides a highly reliable testing method that dives deep into numerous groups of vulnerabilities and malware.
- PROS: Very easy to use; API implementation for developers; In-depth scan; 13 areas of vulnerabilities supported; Malware scanning.
- CONS: None really (for the free version).
- OUR SCORE: 9.6/10
Final Thoughts
Dear readers, this is where we end our article about ImmuniWeb Mobile App Scanner. If you have anything to add, make sure to leave a comment down below.
Before you go, we’d like to ask you to share this article online. Also, you can follow us on Facebook and Twitter. Thanks!
| Review Summary ImmuniWeb Mobile App Scanner is the best way to thoroughly test Android and iOS apps. As such, it's well above its competitors (if you manage to find any). | 9.6 Overall Score | ||
| Platform Compatibility | 10 | ||
| User Interface | 10 | ||
| Features & Capabilities | 10 | ||
| Scanning & Analysis | 9.5 | ||
| Customer Support | 9 | ||
| Pricing | 9 | ||