In recent days we did some testing of the Codified Security service for finding security problems in mobile applications. This tool works in a very simple way and can be integrated with your continuous integration server. It can be used to find flaws such as:
We also found some problems, like things being shown as errors that are, for example, typical of the MvvmCross framework:
private const string SavedFragmentTypesKey = "__mvxSavedFragmentTypes";
private const string SavedTabIndexStateKey = "__savedTabIndex";
public const string ViewModelRequestBundleKey = "__mvxViewModelRequest";
which are not security flaws.
After testing the app you get a report, which looks like this:
It can be exported to PDF and shared, for example, with a customer.
Finally, we keep our fingers crossed for the developers of Codified Security to improve their solution. The solution is usable now and we can recommend it to everyone, but we also see a lot of things that can be improved :) We are also convinced to use this tool at Leaware during the development of mobile apps.
You can find more information on their website: https://codifiedsecurity.com