Security
For Platform 2.0 Only
App Security Checker
모바일 앱의 정보 유출 위험을 비롯하여 잠재적인 보안 취약점에 대응할 수 있도록 점검합니다.
The contents of this page are currently being translated. Thank you for your understanding.
Exhaustive Diagnosis of Vulnerabilities of Mobile App Service Security
Use the App Security Checker to rapidly scan and respond to potential vulnerabilities to mobile services in advance. After the diagnosis, a relevant report will be provided to help you respond to the detected vulnerabilities.
- A Diagnostic Engine built with the Security Scan Know-how of NAVER
- NAVER has accumulated years of experience and know-how while inspecting the security vulnerabilities of mobile apps. Using the diagnostic engine developed on our operating experience, you can conduct a detailed scan of high-risk vulnerabilities.
- Prompt Response to Security Issues
- The analysis engine of the App Security Checker is promptly updated on newly discovered security issues. You can react quickly to the latest security issues through the App Security Checker.
- Diagnostic Report Provided with a Countermeasure
- After the inspection, a diagnostic report is provided that is easy to understand even for non-security experts. The report includes background knowledge of the detected vulnerability, including the risk and its attack scenario. The report also provides detailed information on the vulnerable location, so it can be corrected effectively to protect against a potential security threat.
Detailed Features
App Security Checker is a product that automatically diagnoses the vulnerabilities of a mobile app. It performs various types of diagnoses on the reasons for disqualifying market store registration, improper use of a framework, and vulnerabilities on personal information leakage. Once the diagnosis is complete, you will receive a report via email and SMS. This report contains countermeasures to discovered vulnerabilities, so you not only are apprised of attack scenarios, but also are provided detailed descriptions of code locations that need to be improved.
Customers Recommended for this Service
- Customers who wish to enhance service reliability by improving mobile app vulnerabilities
- Customers who need additional security verification prior to the release of a new service
- Customers who feel burdened by the costly assessment tools or security consulting
Main Provided Features
| Feature | Description |
|---|---|
| Check Diagnosis Status and Result | The web-based console provides a convenient diagnosis history. You can check the number of detected vulnerabilities and the result report for diagnosed cases or cancel the diagnosis in waiting |
| Notification Setting | Upon completion of the diagnosis, a notification on the completion will be sent via the preferred method (email or SMS). (Pre-setting necessary) |
| Diagnostic Report | The diagnostic results are summarized and provided as a report. The report provides detailed information about discovered vulnerabilities and countermeasures to those vulnerabilities. |
Diagnosis Category
| Implementation of an unsafe component | Description | Scans for security issues that may occur due to improper implementation of a component provided by Android. |
|---|---|---|
| Risk | Functions can be misused by calling a component that controls sensitive information from other applications without the consent of the user and may be subject to an intent spoofing attack or a phishing attack that disguises malicious components as legitimate components. | |
| Risk of sensitive information leakage | Description | Scans for use of sensitive information that needs to be indicated on the terms and conditions or the possible leakage of sensitive information that can become the target of malicious applications. |
| Risk | If you collect sensitive information without user consent, you may experience financial loss due to a legal dispute or fine. Also, there is a risk of leaking sensitive information through malicious applications. | |
| Setting unsafe Build | Description | Scans for unsafe versions of SDK and the Build settings on the application that can be exploited. |
| Risk | You can be attacked by using an SDK version with known vulnerabilities. Also, the application logic can be analyzed and altered via unsafe Build settings. | |
| Implementation of an unsafe SSL | Description | Scans for an unsafe implementation of SSL that may disqualify your application for the app market or lead to information leakage. |
| Risk | Registration to the app market may be rejected. There is also a high risk of a man-in-the-middle attack, where the attacker intercepts two parties to hijack information or transmit altered data. | |
| Use of unsafe encryption | Description | Scans for unsafe encryption that is advised not to be used. |
| Risk | There is risk of leaking plain text or transmitting altered cryptograms via a dictionary attack or replay attack. | |
| Back reference on null point | Description | Scans for the codes with inadequate NULL values on variables. |
| Risk | Codes with a NullPointerException have a risk of being the target of malicious application attacks. |
Report Categories
| Category | Description |
|---|---|
| Basic Information | Provides basic information on the user who requested a scan and basic information on the application and the start & end time of the scan. |
| Summary | Provides summary information on detected security issues by each risk level and security issue type. |
| Detailed Information | Provides detailed information on the detected security issues. Provides information on the attack scenario, specific location of code for correction, and the method of correction. |
| Correction Method | Provides detailed description on the correction method and the background information to help the understanding of the users without professional security knowledge. |
Report Sample
Pricing Information
Flexible price plan depending on the usage amount.
App Security Checker fees are charged depending on the number of diagnoses.
| 과금 기준 (건) | 이용 요금 (원) |
|---|---|
| 진단 횟수 당 | 200,000 KRW |
* 최초 진단 후 60일 내 동일한 대상을 다시 진단하는 경우, 추가 2회까지는 별도의 비용이 발생되지 않습니다.
- 동일한 대상이라 함은 최초 진단한 모바일 앱과 패키지 명이 동일한 앱을 의미합니다.
- 재진단 가능 기간이나 횟수를 초과한 경우, 신규 진단 기준으로 요금이 발생됩니다.
* 아래의 경우는 과금되지 않으며 취약점 진단 리포트도 제공되지 않습니다.
- A usage fee is not charged if diagnosis fails due to a system problem of the App Security Checker.
- No cost will be charged if the customer cancels while diagnostics is on standby.
- 진단 중 고객 요청으로 고객지원에서 진단을 중지한 경우 과금되지 않습니다.
이 외에는 정상적으로 과금이 되니, 진단 전에 확인이 필요한 사항들에 대해서 체크해주시기 바랍니다.
Was this page helpful?