MobileBackend is a automated pipeline designed to detect dependencies on vulnerable cloud backends within your APK. Using a combination of static and dynamic analysis tools, we determine what libraries an APK uses and how it interfaces with cloud backends that are open to exploitation. This work is based on the results of this paper from the 28th USENIX Security Symposium.
If you want access to our SkyWalker pipeline, please fill out this form here, and let us know a little more about what you'd like from our platofrm.
If you are an affected party, please make every effort to contact us as soon as possible. We will provide you with a detailed report about the specific vulnerabilities that affect your mobile app and its backend. We encourage you to fix the reported vulnerability as quickly as possible. We are planning to publically disclose our vulnerability findings in August of 2019. Unpatched backends and mobile apps run the risk of being exploited. Mobilebackend.vet will not be responsible for any attacks resulting from developer neglect to fix disclosed vulnerabilities.
MobileBackend is a project that aims to improve the security of Android mobile apps. Mobile apps use cloud services and remote servers, also known as mobile backends, to enrich user’s experience by providing customized content. MobileBackend scans your app, identifies the backends your app uses, and checks them for bugs. These bugs can be used by attackers to compromise your mobile backend, which can result in leaking your user’s data, deleting your app’s content, or injecting malicious code.
We only perform scans on apps for developers and owners of the mobile app. To get started, contact us at email@example.com requesting your app to be scanned. We will verify your ownership of the app and perform an in-depth scan to provide you with any bugs we find.
We do not scan your app by default unless explicitly requested by the developer or owner of the app. If you are being redirected here from a disclosure email that you did not request and want to opt-out, please email us at firstname.lastname@example.org requesting to be removed. Make sure to include your mobile app name, mobile package name, and mobile version name. Additionally, you may be assigned a case number that you should include in your email for us to respond faster.
If you have additional questions, comments, concerns, please feel free to reach out to us at email@example.com. We will response within 48 hours to your request.
If you have any questions for us about SkyWalker or anything else, feel free to reach out to us here: