Meet Idroid: Automated Pentesting for Android Apps

André Baptista

CTO

Ethiack

May 23, 2024

Ethiack 2.14 was unveiled only a few weeks ago, and we thought it would be a good time to share more information about our new Artificial Hacker for Android apps: Idroid.


Developed in partnership with Zezadas, this Artificial Hacker is our first when it comes to testing mobile applications. Read on to find out why it matters, the problems it solves, and how to activate it.

The Need for Specialized Mobile Security

Android applications, and mobile apps in general, come with some unique challenges compared to web apps.

To start, mobile devices hold a lot of details about our personal lives, including sensitive ones. Therefore, they become more critical assets both for end users and for the organizations that develop for them.

On top of this, mobile app development brings its own security challenges. For example, mobile devices are feature-rich and thus use complex logic, which can lead to vulnerabilities. They also hold a lot of data in cache, including sensitive user data. The tools used, both for development and for penetration testing, also differ from those used for web apps, which makes testing harder. Compilation makes the code harder to analyze, and you need specific tools and skills (such as reverse engineering) to access the code and test it. This added layer of abstraction means that certain vulnerabilities can slip through tests in the pipeline.

These two problems led to the development of Idroid. It’s built specifically for Android apps and delivers better performance than conventional SAST methods. All of OWASP Mobile's Top 10 vulnerabilities are covered, as well as other vulnerabilities chosen by the team.

Setting up testing for your Android App

Idroid will test your Android apps 24/7. It’ll check for new versions and launch new tests immediately, with any findings being added to your Portal.

To get started, follow these steps:

  • Reach out to our Support team through the Portal to activate Idroid in your account.
  • Once it’s activated, add your Android app to the Assets page. You’ll need your Android package name for this.
  • Once you’ve done that, Idroid will begin testing your app.

And that’s it! Stay tuned for the upgrades we’ll be releasing to Idroid in the near future.

Stay secure!
