• Global App Support - NowSecure INTEL will now surface if the same mobile app binary in the U.S. Google Play or Apple App Store is also published to additional global stores, helping customers better understand the global footprint of an app.

  • Updated Search Results - Search enhancement populates results to one page with infinite scroll v/s multiple pages.

  • Sorting and Filtering - Monitor and Report homepage updates including added sorting and filtering capabilities and faster page load time.


  • Android icon report display fix deployed.

  • Search field text is no longer refreshed while results load.




  • iOS Zip Files in Transit - For added protection of iOS, in light of the ZipperDown vulnerability, a check for zip files sent in transit has been added. A check for zip files in transit already existed for Android.

  • Writable Executable Findings Details - Specifies if writable executable findings are found in private or shared storage, and allows risk assignment based on storage location.

  • Networking Issue Title Name Changes - A number of network issue titles were updated to help more easily identify the underlying vulnerability. These changes are as follows:

    • Broken SSL => Certificate Validation / Hostname Verification
    • Sensitive Data in Transit (with encryption) => Man-in-the-Middle Attack
    • TLS traffic with sensitive data => Certificate Pinning Bypass
  • Sensitive Data in the iOS Keychain - Checks have been added for configured search terms within the iOS keychain including username, password, and any other remaining terms such as Device ID, GPS coordinates, etc.

  • Google’s Core App Quality Regulatory Guidance - A new compliance body has been added to the Regulatory section that reflects Google’s Core App Quality guidelines.

  • Remote Code Execution (Probable) - A new check looks for combination of an Android application sending zip files in transit with writable executable files.





  • Application detail page was updated to promote optimal ordering of assessments.

  • An enhancement to the AFNetworking check surfaces new fields displaying whether use of the vulnerable AFNetworking instance occurred during runtime, and in which module the vulnerability was found.




  • New Analysis Error Codes - NowSecure INTEL now includes error codes for mobile apps that return an incomplete status. This enables NowSecure Support to better assist users with diagnosing and resolving analyses that were unable to complete.


  • Generating PDF reports with a large amount of context data could cause a timeout. In those cases, the context is no longer rendered into PDF reports, and is replaced with a link to view the context within the NowSecure INTEL user interface.

  • A mobile app assessment that had completed only Static or Dynamic analysis – but not both – within a certain time threshold was not able to be re-requested. This issue has been resolved and users are now able to re-request.

  • All ‘Contact us’ links have been updated to open a chat window instead of defaulting to a ‘mailto’ link. This enables streamlined access to NowSecure Support for any questions or issues.




  • GDPR & FISMA Regulatory Mappings - NowSecure INTEL now includes findings for GDPR or FISMA regulation violations.

  • Scores in Monitor Dashboard - The Monitor Dashboard now includes the latest security score next to the app name for at-a-glance use.

  • Scores in Reports Dashboard - The Reports Dashboard now includes the latest security score next to the app name for at-a-glance use. Users no longer need to click into an app to see the score.

  • Rescans in Reports Dashboard - Rescan requests are now available on this dashboard by clicking on the “INCOMPLETE” box and selecting the “retry your request” option. Users no longer need to click into an app to retry their request.

  • Preserve Searches - Users are now able to browse apps but preserve their search lists by clicking the Search icon in the top left nav.

  • Updated Export (PDF) Report controls - The Export (PDF) report dialog screen now provides more intuitive customization controls.

  • Updated Export (PDF) Report Cover page and Footers - Exported PDF reports have a new polished cover page with additional app testing detail detail and every page footer in Exported PDF Reports footer now provides richer detail including app name, app version, mobile platform, date run, etc.

  • Intercom Integration - Users can now interact with NowSecure Support directly from any web screen in NowSecure INTEL.


  • An issue with Internet Explorer that caused monitored apps not to show properly has been fixed.

  • Applications with longer than average names would cause an odd layout on the application detail page. This is now handled properly and shows as intended.

  • Apps that are no longer distributed publicly are now flagged in search results.




  • Email Notification Preferences - Settings can now be toggled for enabling/disabling NowSecure INTEL email notifications about new report availability, and allows the specification of which address notifications should be sent to.


  • Mobile Apps that are no longer distributed in the Apple App Store or Google Play Store were not identified previously. This has been fixed and these apps are now flagged appropriately as “Not actively distributed”, within the UI.

  • Occasionally, an incomplete status would show for mobile app testing requests that were still in process. This has been fixed and the request status now shows properly as “Analysis in Progress”.




  • Find apps by app store URL - We’ve made search more flexible – now, not only can you search by app name but also by an app’s Apple App Store or Google Play store URL. Simply paste the entire URL into the NowSecure INTEL search box to go directly to the app details page.

  • Visually enhanced search results for quicker identification of the app you seek - Search result entries now include app icons and display the date of the most current NowSecure INTEL report to improve readability and offer relevant information to users without having to click into an app.

  • API improvements including new endpoints - We refactored the API to make it more intuitive and updated endpoints (e.g., app monitoring, report requests, PDF download) to more closely align with web UI. For more details about the new NowSecure INTEL API, visit .


  • When a user requests a report that they don’t yet have access to, the displayed pop-up menu now makes it easier to request a report or choose to monitor the app from the same window. Continued UI enhancements to the main dashboard and menus.

  • A bug resulting in redundant alerts about new report availability for monitored apps has been fixed.

  • Approximately 0.0005% of reports did not include a finding for a particular vulnerability due to a logic error which has been fixed.




  • Enhanced analysis of SMS communications - Dynamic analysis now inspects SMS communications initiated by an app and populates reporting with a table of data sent by the app over SMS.


  • UI improvements to the PDF-export configuration menu.

  • Inclusion of additional data to more intuitively display a given app’s version history and metadata.

  • A bug that incorrectly listed a sample of free applications as paid, which prevented analysis, has been fixed.

  • Monitoring an app now also includes access to the entire historical record of all NowSecure INTEL analyses and reporting for the monitored app.

  • Analysis progress bar for Android apps now behaves as expected. Analysis progress was not showing correctly for some Android applications when a report was requested, making it look like the progress had stalled.

  • More accurate risk-scoring for arbitrary code execution findings by differentiating between “Probable” vs. “Observed” arbitrary code execution.




  • More detailed reporting - Our new INTEL reports include more granular and detailed vulnerability findings, comprehensive test listings, a completely new user interface, and new navigation.

  • More flexible report-export options - INTEL users can now customize and export PDF reports whether they want a one-to-two page overview or a detailed 300 page documents with deep technical information.

  • Centralized dashboard view of monitored apps - INTEL users now have a centralized view of all the apps they monitor with a steady stream of alerts and reports for every new app version hits the Apple App Store or Google Play Store.

  • Centralized, dashboard view of all INTEL reports - Similar to the App Monitor Dashboard, INTEL users now have a centralized at-a-glance view of all INTEL reports they’ve run. The dashboard loads automatically and includes up-to-the-minute status updates of all app analyses including static, dynamic, and behavioral tests.

  • Deeper historical and metadata about apps - INTEL users now have access to more robust historical data about an app’s security status, as well as, additional app metadata.

  • Better security and control via role-based access - API customers can now set access permissions for groups and individuals within their teams and accounts.

  • Enhanced examination and validation of Network / Cryptography security in iOS apps - Going beyond traditional file searches or proxying, INTEL now directly hooks specific CFURLConnection and CommonCrypto calls made by iOS apps to provide unprecedented blackbox analysis of how an iOS app secures data in transit and at rest.

  • New check to provide additional information about iOS apps’ use of HTTP - iOS reports now list any endpoints the app communicated with over HTTP during analysis.

  • New man-in-the-middle vulnerability checks for iOS apps that use OkHttp - iOS reports now list an app’s use of OkHttp libraries that are vulnerable to man-in-the-middle attacks via certificate-pinning bypass (vulnerable OkHttp versions include those prior to 2.7.4 and 3.x prior to 3.1.2).

  • Deeper examination of an iOS app’s handling of sensitive data in memory and OSLog - iOS app analyses now includes searching of OSLog locations as part of the Sensitive Data search. This unified logging system stores messages in memory and in a data store, rather than writing to text-based log files.




  • See a list of iOS frameworks embedded in iOS apps - Reports now list iOS frameworks detected within an app and their version numbers to provide deeper insight into the risk profile of an app.

  • View search-term-specific findings - Reports now break-out findings individually for search-terms. For example, if an app transmits sensitive data without encryption, a finding is created for each identified piece of data (e.g., username, password, e-mail, device ID, etc.).


  • Sorting reports by date and app version now functions as expected




  • View more granular information about findings - For example, if an app is found to transmit sensitive data unencrypted, reporting now displays exactly what data is being sent such as username, password, etc.

  • Navigate search results more easily - Results are now paginated


  • Opening a report in a new browser tab or window now functions as expected

  • Improved consistency in reports for iOS apps

  • Reports now render correctly in the Internet Explorer 11 browser

  • App sorting now functions as expected




  • App version number now displays properly in list of reports




  • Navigation - data tables are now paginated


  • Using the Queue and then Monitor buttons in sequence now functions as expected




  • Receive real-time e-mail notifications on monitored apps - When a new version of an app you’re monitoring is published to the Apple® App Store® or the Google Play™ store, NowSecure Intelligence downloads and assesses the app. As soon as a report is available, you will receive an automated e-mail with a link to the report.


  • Session management improvements now enforce expiration in a more uniform way

  • Screenshots gathered during iOS app analysis now display properly

  • The NowSecure API authorization/JWT token generation process now functions as expected




  • Breadcrumb navigation now functions properly when additional browser tabs and windows are opened

  • Session management improvements now enforce expiration in a more uniform way

  • Screenshots gathered during iOS app analysis now display properly

  • The NowSecure API authorization/JWT token generation process now functions as expected

  • Queue button for iOS apps now functions properly

  • NowSecure Intelligence added to nowsecure status page

  • Queue UI improvements consolidate apps into a single data table




  • Security Score Now, the most recent version of each app will be measured with the NowSecure Security Score. This score, which ranges from 0 - 100, uses our proprietary algorithm based on CVSS, to rate the security of each mobile app.

  • Category Filtering We added a dropdown menu at the top of every individual app report that allows you to more easily navigate the report findings. You can now quickly filter the findings by Artifact, Permissions, Code, Network, etc.


  • Important app information (Last Seen, App Created, App Updated, and App Install Size) is now accurate.

  • Sensitive Data in Transit (With and Without Encryption) no longer surfaces duplicate findings.




  • iOS Search Users can now search for iOS apps just like they previously could for Android apps.

  • App Pinning Users can now pin individual app version reports so they can more easily return to them later. To pin a report, simply click the pin button within the individual report window. Pinned reports can then be found by clicking the pin icon on the home dashboard.


  • Fixed issue affecting proper logout.