Changelog

1.4.0

02.01.2018

Updates:

  • GDPR & FISMA Regulatory Mappings - NowSecure INTEL now includes findings for GDPR or FISMA regulation violations.

  • Scores in Monitor Dashboard - The Monitor Dashboard now includes the latest security score next to the app name for at-a-glance use.

  • Scores in Reports Dashboard - The Reports Dashboard now includes the latest security score next to the app name for at-a-glance use. Users no longer need to click into an app to see the score.

  • Rescans in Reports Dashboard - Rescan requests are now available on this dashboard by clicking on the “INCOMPLETE” box and selecting the “retry your request” option. Users no longer need to click into an app to retry their request.

  • Preserve Searches - Users are now able to browse apps but preserve their search lists by clicking the Search icon in the top left nav.

  • Updated Export (PDF) Report controls - The Export (PDF) report dialog screen now provides more intuitive customization controls.

  • Updated Export (PDF) Report Cover page and Footers - Exported PDF reports have a new polished cover page with additional app testing detail detail and every page footer in Exported PDF Reports footer now provides richer detail including app name, app version, mobile platform, date run, etc.

  • Intercom Integration - Users can now interact with NowSecure Support directly from any web screen in NowSecure INTEL.

Fixes

  • An issue with Internet Explorer that caused monitored apps not to show properly has been fixed.

  • Applications with longer than average names would cause an odd layout on the application detail page. This is now handled properly and shows as intended.

  • Apps that are no longer distributed publicly are now flagged in search results.

1.3.0

01.10.2018

Updates:

  • Email Notification Preferences - Settings can now be toggled for enabling/disabling NowSecure INTEL email notifications about new report availability, and allows the specification of which address notifications should be sent to.

Fixes

  • Mobile Apps that are no longer distributed in the Apple App Store or Google Play Store were not identified previously. This has been fixed and these apps are now flagged appropriately as “Not actively distributed”, within the UI.

  • Occasionally, an incomplete status would show for mobile app testing requests that were still in process. This has been fixed and the request status now shows properly as “Analysis in Progress”.

1.2.0

12.12.2017

Updates:

  • Find apps by app store URL - We’ve made search more flexible – now, not only can you search by app name but also by an app’s Apple App Store or Google Play store URL. Simply paste the entire URL into the NowSecure INTEL search box to go directly to the app details page.

  • Visually enhanced search results for quicker identification of the app you seek - Search result entries now include app icons and display the date of the most current NowSecure INTEL report to improve readability and offer relevant information to users without having to click into an app.

  • API improvements including new endpoints - We refactored the API to make it more intuitive and updated endpoints (e.g., app monitoring, report requests, PDF download) to more closely align with web UI. For more details about the new NowSecure INTEL API, visit https://docs.nowsecure.com/intel/api/spec/ .

Fixes

  • When a user requests a report that they don’t yet have access to, the displayed pop-up menu now makes it easier to request a report or choose to monitor the app from the same window. Continued UI enhancements to the main dashboard and menus.

  • A bug resulting in redundant alerts about new report availability for monitored apps has been fixed.

  • Approximately 0.0005% of reports did not include a finding for a particular vulnerability due to a logic error which has been fixed.

1.1.0

11.21.2017

Updates:

  • Enhanced analysis of SMS communications - Dynamic analysis now inspects SMS communications initiated by an app and populates reporting with a table of data sent by the app over SMS.

Fixes

  • UI improvements to the PDF-export configuration menu.

  • Inclusion of additional data to more intuitively display a given app’s version history and metadata.

  • A bug that incorrectly listed a sample of free applications as paid, which prevented analysis, has been fixed.

  • Monitoring an app now also includes access to the entire historical record of all NowSecure INTEL analyses and reporting for the monitored app.

  • Analysis progress bar for Android apps now behaves as expected. Analysis progress was not showing correctly for some Android applications when a report was requested, making it look like the progress had stalled.

  • More accurate risk-scoring for arbitrary code execution findings by differentiating between “Probable” vs. “Observed” arbitrary code execution.

1.0.0

11.01.2017

Updates:

  • More detailed reporting - Our new INTEL reports include more granular and detailed vulnerability findings, comprehensive test listings, a completely new user interface, and new navigation.

  • More flexible report-export options - INTEL users can now customize and export PDF reports whether they want a one-to-two page overview or a detailed 300 page documents with deep technical information.

  • Centralized dashboard view of monitored apps - INTEL users now have a centralized view of all the apps they monitor with a steady stream of alerts and reports for every new app version hits the Apple App Store or Google Play Store.

  • Centralized, dashboard view of all INTEL reports - Similar to the App Monitor Dashboard, INTEL users now have a centralized at-a-glance view of all INTEL reports they’ve run. The dashboard loads automatically and includes up-to-the-minute status updates of all app analyses including static, dynamic, and behavioral tests.

  • Deeper historical and metadata about apps - INTEL users now have access to more robust historical data about an app’s security status, as well as, additional app metadata.

  • Better security and control via role-based access - API customers can now set access permissions for groups and individuals within their teams and accounts.

  • Enhanced examination and validation of Network / Cryptography security in iOS apps - Going beyond traditional file searches or proxying, INTEL now directly hooks specific CFURLConnection and CommonCrypto calls made by iOS apps to provide unprecedented blackbox analysis of how an iOS app secures data in transit and at rest.

  • New check to provide additional information about iOS apps’ use of HTTP - iOS reports now list any endpoints the app communicated with over HTTP during analysis.

  • New man-in-the-middle vulnerability checks for iOS apps that use OkHttp - iOS reports now list an app’s use of OkHttp libraries that are vulnerable to man-in-the-middle attacks via certificate-pinning bypass (vulnerable OkHttp versions include those prior to 2.7.4 and 3.x prior to 3.1.2).

  • Deeper examination of an iOS app’s handling of sensitive data in memory and OSLog - iOS app analyses now includes searching of OSLog locations as part of the Sensitive Data search. This unified logging system stores messages in memory and in a data store, rather than writing to text-based log files.

0.9.0

09.28.2017

Updates:

  • See a list of iOS frameworks embedded in iOS apps - Reports now list iOS frameworks detected within an app and their version numbers to provide deeper insight into the risk profile of an app.

  • View search-term-specific findings - Reports now break-out findings individually for search-terms. For example, if an app transmits sensitive data without encryption, a finding is created for each identified piece of data (e.g., username, password, e-mail, device ID, etc.).

Fixes:

  • Sorting reports by date and app version now functions as expected

0.8.0

08.16.2017

Updates:

  • View more granular information about findings - For example, if an app is found to transmit sensitive data unencrypted, reporting now displays exactly what data is being sent such as username, password, etc.

  • Navigate search results more easily - Results are now paginated

Fixes:

  • Opening a report in a new browser tab or window now functions as expected

  • Improved consistency in reports for iOS apps

  • Reports now render correctly in the Internet Explorer 11 browser

  • App sorting now functions as expected

0.7.1

07.25.2017

Fixes:

  • App version number now displays properly in list of reports

0.7.0

07.24.2017

Updates:

  • Navigation - data tables are now paginated

Fixes:

  • Using the Queue and then Monitor buttons in sequence now functions as expected

0.6.0

07.13.2017

Updates:

  • Receive real-time e-mail notifications on monitored apps - When a new version of an app you’re monitoring is published to the Apple® App Store® or the Google Play™ store, NowSecure Intelligence downloads and assesses the app. As soon as a report is available, you will receive an automated e-mail with a link to the report.

Fixes:

  • Session management improvements now enforce expiration in a more uniform way

  • Screenshots gathered during iOS app analysis now display properly

  • The NowSecure API authorization/JWT token generation process now functions as expected

0.5.4

07.05.2017

Fixes:

  • Breadcrumb navigation now functions properly when additional browser tabs and windows are opened

  • Session management improvements now enforce expiration in a more uniform way

  • Screenshots gathered during iOS app analysis now display properly

  • The NowSecure API authorization/JWT token generation process now functions as expected

  • Queue button for iOS apps now functions properly

  • NowSecure Intelligence added to nowsecure status page https://status.nowsecure.com/

  • Queue UI improvements consolidate apps into a single data table

0.4.0

04.27.2017

Updates:

  • Security Score Now, the most recent version of each app will be measured with the NowSecure Security Score. This score, which ranges from 0 - 100, uses our proprietary algorithm based on CVSS, to rate the security of each mobile app.

  • Category Filtering We added a dropdown menu at the top of every individual app report that allows you to more easily navigate the report findings. You can now quickly filter the findings by Artifact, Permissions, Code, Network, etc.

Fixes:

  • Important app information (Last Seen, App Created, App Updated, and App Install Size) is now accurate.

  • Sensitive Data in Transit (With and Without Encryption) no longer surfaces duplicate findings.

0.3.0

04.05.2017

Updates:

  • iOS Search Users can now search for iOS apps just like they previously could for Android apps.

  • App Pinning Users can now pin individual app version reports so they can more easily return to them later. To pin a report, simply click the pin button within the individual report window. Pinned reports can then be found by clicking the pin icon on the home dashboard.

Fixes:

  • Fixed issue affecting proper logout.