[Editor's Note: Josh Wright provides some really useful insight into how penetration testers and vulnerability assessors can use tools traditionally associated with digital forensics to look for information leakage flaws from mobile applications. The techniques he describes below are powerful yet pretty easy to implement -- That's awesome. Check out the interesting issue Josh discovered in Dropbox using the technique! --Ed.]
By Joshua Wright
As a penetration tester and author of the SANS Mobile Device Security and Ethical Hacking (SEC575) course, I get this kind of question a lot:
"My organization is looking at deploying the XYZ app company-wide. Is the app secure? Any significant flaws I should know about?"
With the Apple and Google Play stores each adding nearly 1,000 new apps per day, it's hard to keep up. Analyzing the security of mobile device...