NowSecure Auto tests are run on real, rooted devices. The devices are comprised of Google Developer devices (Nexus series) and a mixture of iOS devices (iPad and iPhone). You can upload two types of mobile apps for security analysis:
Android app (.apk) - We install the application as is, no special modification is required to the binary, however, the application must be able to run on Android 6.0.1.
iOS app (.ipa) - We replace the embedded provisioning profile with a wildcard profile and resign the app. Resigning the app currently results in the removal of all entitlements. For this reason, a non-encrypted build is required, and the application needs to be exported as a developer, ad-hoc, or enterprise build.
Note: See API documentation to upload a mobile app from the command line or through a Continuous Integration application.
To upload Android or iOS apps to NowSecure Auto, click on the “+” button in the Dashboard.
Select a group from the Upload to Group modal and click the Confirm button.
From the dialogue box, select the .apk or .ipa file you would like to analyze and click the “Open” button. The app will now upload to NowSecure Auto where you can configure your assessment.
After the app is uploaded, Preflight Check will test every application before installation on the device for File Validity and Encryption. Both of these conditions would previously cause an application to fail our security analysis.
Configure Your Assessment After the app upload and preflight check is completed, you have the option to Configure or Run an assessment. The Configuration Screen allows you to create login credentials and other sensitive information to track during the test.
NowSecure Auto will immediately queue up available security tests for the uploaded mobile app. You can click on the app card to view the tests progress.