Changelog

1.0.1

11.21.2017

Updates:

  • Enhanced analysis of SMS communications - Dynamic analysis now inspects SMS communications initiated by an app and populates reporting with a table of data sent by the app over SMS.

Fixes

  • UI improvements to the PDF-export configuration menu.

  • Inclusion of additional data to more intuitively display a given app’s version history and metadata.

  • A bug that incorrectly listed a sample of free applications as paid, which prevented analysis, has been fixed.

  • Monitoring an app now also includes access to the entire historical record of all NowSecure INTEL analyses and reporting for the monitored app.

  • Analysis progress bar for Android apps now behaves as expected. Analysis progress was not showing correctly for some Android applications when a report was requested, making it look like the progress had stalled.

  • More accurate risk-scoring for arbitrary code execution findings by differentiating between “Probable” vs. “Observed” arbitrary code execution.

1.0

11.01.2017

Updates:

  • More detailed reporting - Our new INTEL reports include more granular and detailed vulnerability findings, comprehensive test listings, a completely new user interface, and new navigation.

  • More flexible report-export options - INTEL users can now customize and export PDF reports whether they want a one-to-two page overview or a detailed 300 page documents with deep technical information.

  • Centralized dashboard view of monitored apps - INTEL users now have a centralized view of all the apps they monitor with a steady stream of alerts and reports for every new app version hits the Apple App Store or Google Play Store.

  • Centralized, dashboard view of all INTEL reports - Similar to the App Monitor Dashboard, INTEL users now have a centralized at-a-glance view of all INTEL reports they’ve run. The dashboard loads automatically and includes up-to-the-minute status updates of all app analyses including static, dynamic, and behavioral tests.

  • Deeper historical and metadata about apps - INTEL users now have access to more robust historical data about an app’s security status, as well as, additional app metadata.

  • Better security and control via role-based access - API customers can now set access permissions for groups and individuals within their teams and accounts.

  • Enhanced examination and validation of Network / Cryptography security in iOS apps - Going beyond traditional file searches or proxying, INTEL now directly hooks specific CFURLConnection and CommonCrypto calls made by iOS apps to provide unprecedented blackbox analysis of how an iOS app secures data in transit and at rest.

  • New check to provide additional information about iOS apps’ use of HTTP - iOS reports now list any endpoints the app communicated with over HTTP during analysis.

  • New man-in-the-middle vulnerability checks for iOS apps that use OkHttp - iOS reports now list an app’s use of OkHttp libraries that are vulnerable to man-in-the-middle attacks via certificate-pinning bypass (vulnerable OkHttp versions include those prior to 2.7.4 and 3.x prior to 3.1.2).

  • Deeper examination of an iOS app’s handling of sensitive data in memory and OSLog - iOS app analyses now includes searching of OSLog locations as part of the Sensitive Data search. This unified logging system stores messages in memory and in a data store, rather than writing to text-based log files.

0.9.0

09.28.2017

Updates:

  • See a list of iOS frameworks embedded in iOS apps - Reports now list iOS frameworks detected within an app and their version numbers to provide deeper insight into the risk profile of an app.

  • View search-term-specific findings - Reports now break-out findings individually for search-terms. For example, if an app transmits sensitive data without encryption, a finding is created for each identified piece of data (e.g., username, password, e-mail, device ID, etc.).

Fixes:

  • Sorting reports by date and app version now functions as expected

0.8.0

08.16.2017

Updates:

  • View more granular information about findings - For example, if an app is found to transmit sensitive data unencrypted, reporting now displays exactly what data is being sent such as username, password, etc.

  • Navigate search results more easily - Results are now paginated

Fixes:

  • Opening a report in a new browser tab or window now functions as expected

  • Improved consistency in reports for iOS apps

  • Reports now render correctly in the Internet Explorer 11 browser

  • App sorting now functions as expected

0.7.1

07.25.2017

Fixes:

  • App version number now displays properly in list of reports

0.7.0

07.24.2017

Updates:

  • Navigation - data tables are now paginated

Fixes:

  • Using the Queue and then Monitor buttons in sequence now functions as expected

0.6.0

07.13.2017

Updates:

  • Receive real-time e-mail notifications on monitored apps - When a new version of an app you’re monitoring is published to the Apple® App Store® or the Google Play™ store, NowSecure Intelligence downloads and assesses the app. As soon as a report is available, you will receive an automated e-mail with a link to the report.

Fixes:

  • Session management improvements now enforce expiration in a more uniform way

  • Screenshots gathered during iOS app analysis now display properly

  • The NowSecure API authorization/JWT token generation process now functions as expected

0.5.4

07.05.2017

Fixes:

  • Breadcrumb navigation now functions properly when additional browser tabs and windows are opened

  • Session management improvements now enforce expiration in a more uniform way

  • Screenshots gathered during iOS app analysis now display properly

  • The NowSecure API authorization/JWT token generation process now functions as expected

  • Queue button for iOS apps now functions properly

  • NowSecure Intelligence added to nowsecure status page https://status.nowsecure.com/

  • Queue UI improvements consolidate apps into a single data table

0.4.0

04.27.2017

Updates:

  • Security Score Now, the most recent version of each app will be measured with the NowSecure Security Score. This score, which ranges from 0 - 100, uses our proprietary algorithm based on CVSS, to rate the security of each mobile app.

  • Category Filtering We added a dropdown menu at the top of every individual app report that allows you to more easily navigate the report findings. You can now quickly filter the findings by Artifact, Permissions, Code, Network, etc.

Fixes:

  • Important app information (Last Seen, App Created, App Updated, and App Install Size) is now accurate.

  • Sensitive Data in Transit (With and Without Encryption) no longer surfaces duplicate findings.

0.3.0

04.05.2017

Updates:

  • iOS Search Users can now search for iOS apps just like they previously could for Android apps.

  • App Pinning Users can now pin individual app version reports so they can more easily return to them later. To pin a report, simply click the pin button within the individual report window. Pinned reports can then be found by clicking the pin icon on the home dashboard.

Fixes:

  • Fixed issue affecting proper logout.