App Security Checker
Checks mobile apps so that you can respond to potential security vulnerabilities, including the risk of information leakage.
Exhaustive Diagnosis of Vulnerabilities of Mobile App Service Security
Use the App Security Checker to rapidly scan for potential vulnerabilities in mobile services and respond to them in advance. After the diagnosis, a report is provided to help you respond to the detected vulnerabilities.
- A Diagnostic Engine Built with the Security Scan Know-how of NAVER
  - NAVER has accumulated years of experience and know-how while inspecting the security vulnerabilities of mobile apps. Using the diagnostic engine developed from our operating experience, you can conduct a detailed scan of high-risk vulnerabilities.
- Prompt Response to Security Issues
  - The analysis engine of the App Security Checker is promptly updated for newly discovered security issues. You can react quickly to the latest security issues through the App Security Checker.
- Diagnostic Report Provided with a Countermeasure
  - After the inspection, a diagnostic report is provided that is easy to understand even for non-security experts. The report includes background knowledge of the detected vulnerability, including the risk and its attack scenario. The report also provides detailed information on the vulnerable location, so it can be corrected effectively to protect against a potential security threat.
App Security Checker is a product that automatically diagnoses the vulnerabilities of a mobile app. It performs various types of diagnoses, covering reasons for disqualification from app market registration, improper use of a framework, and vulnerabilities that lead to personal information leakage. Once the diagnosis is complete, you will receive a report via email and SMS. This report contains countermeasures to the discovered vulnerabilities, so you are not only apprised of attack scenarios but also given detailed descriptions of the code locations that need to be improved.
Customers Recommended for this Service
- Customers who wish to enhance service reliability by improving mobile app vulnerabilities
- Customers who need additional security verification prior to the release of a new service
- Customers who feel burdened by costly assessment tools or security consulting
Main Provided Features
|Check Diagnosis Status and Result||The web-based console provides a convenient diagnosis history. You can check the number of detected vulnerabilities and the result report for diagnosed cases, or cancel a diagnosis that is waiting.|
|Notification Setting||Upon completion of the diagnosis, a completion notification is sent via the preferred method (email or SMS). (Must be set in advance.)|
|Diagnostic Report||The diagnostic results are summarized and provided as a report. The report provides detailed information about discovered vulnerabilities and countermeasures to those vulnerabilities.|
|Item||Description||Risk|
|Implementation of an unsafe component||Scans for security issues that may occur due to improper implementation of a component provided by Android.||Other applications can call a component that controls sensitive information without the consent of the user and misuse its functions. The component may also be subject to an intent spoofing attack or a phishing attack that disguises malicious components as legitimate components.|
|Risk of sensitive information leakage||Scans for use of sensitive information that needs to be indicated in the terms and conditions, or the possible leakage of sensitive information that can become the target of malicious applications.||If you collect sensitive information without user consent, you may experience financial loss due to a legal dispute or fine. Also, there is a risk of leaking sensitive information through malicious applications.|
|Setting unsafe Build||Scans for unsafe SDK versions and Build settings in the application that can be exploited.||Using an SDK version with known vulnerabilities exposes you to attack. Also, the application logic can be analyzed and altered via unsafe Build settings.|
|Implementation of an unsafe SSL||Scans for an unsafe implementation of SSL that may disqualify your application for the app market or lead to information leakage.||Registration to the app market may be rejected. There is also a high risk of a man-in-the-middle attack, where the attacker intercepts communication between two parties to hijack information or transmit altered data.|
|Use of unsafe encryption||Scans for the use of unsafe encryption that is advised against.||There is a risk of plaintext leaking or altered ciphertext being transmitted via a dictionary attack or replay attack.|
|Back reference on null point||Scans for code with inadequate NULL values in variables.||Code with a NullPointerException risks being the target of malicious application attacks.|
|Basic Information||Provides basic information on the user who requested the scan, basic information on the application, and the start and end time of the scan.|
|Summary||Provides summary information on detected security issues by risk level and by security issue type.|
|Detailed Information||Provides detailed information on the detected security issues, including the attack scenario, the specific location of the code to correct, and the method of correction.|
|Correction Method||Provides a detailed description of the correction method, with background information to help users without professional security knowledge understand it.|
Flexible price plan depending on the usage amount.
App Security Checker fees are charged depending on the number of diagnoses.
|Billing standard (case)||Usage Fee per Diagnosis(KRW)|
|Per diagnosis||KRW 200,000|
* If the same subject is re-diagnosed within 60 days of the first diagnosis, no additional charges are billed for up to two additional diagnoses.
- The same subject means an app whose name and package name are the same as those of the first-diagnosed mobile app.
- If you exceed the period or the number of times you can re-diagnose, you will be charged for new diagnoses.
* In the cases below, you will not be charged and no vulnerability diagnosis report is provided.
- A usage fee is not charged if the diagnosis fails due to a system problem of the App Security Checker.
- No cost will be charged if the customer cancels while the diagnosis is on standby.
- If the diagnosis is stopped by the Customer Support Center at the customer's request during the diagnosis, you will not be charged.
Except in the cases mentioned above, you will be charged as usual. Please review the items you need to check before diagnosis.