mobile-security-review

Audit mobile apps against OWASP Mobile Top 10 (M1-M10): credential hardcoding, supply chain dependencies, insecure auth/token storage (Keychain/Keystore), input validation (deep links, WebView XSS), certificate pinning (OkHttp, TrustKit, Alamofire), privacy (PII in logs, clipboard, screenshots), binary protections (ProGuard/R8, obfuscation, anti-tampering), security misconfiguration (backup, exported components, permissions), data-at-rest encryption (SQLCipher, EncryptedSharedPreferences), root/jailbreak detection, and biometric authentication. Supports Flutter, React Native, native iOS, and native Android. Use when auditing mobile app security posture before release or pentest.