Android App Pen Test

@Microlent

I’ve reviewed your request carefully, and this is exactly the kind of focused, practical mobile security assessment I specialise in, not a checkbox audit, but a real attempt to observe, intercept, and break the app under realistic conditions. Your scope is clear: network traffic over Wi-Fi and authentication flows, evaluated against OWASP MASVS-AUTH and real-world attack vectors. That’s how I would approach it. How I’d conduct the assessment 1. Network Traffic and Transport Security • Intercept and analyse all app traffic over Wi-Fi • Validate TLS configuration, cipher suites, and certificate trust • Test certificate pinning static and dynamic and attempt bypass where applicable • Inspect token handling in transit headers, storage, rotation • Attempt MITM, replay, and session hijacking scenarios • Identify any insecure fallback, debug endpoints, or misconfigurations 2. Authentication and Session Handling • Review username and password login flows for: – brute-force protections – rate limiting – error leakage • Validate secure storage of credentials and tokens • Map findings directly to OWASP MASVS-AUTH controls Tooling and setup I typically use a combination of: • Burp Suite Pro primary interception and analysis • mitmproxy for traffic inspection and automation • Frida where runtime inspection or pinning validation is required Happy to proceed once access details are ready. Best regards, Jenifer

@ominfowave

Dear Client, We have expert team available in ANDROID App Development/iOS App Development/ Flutter/Flutter Flow/Kotlin having more than 10 years of experience in this technology. They can easily complete your work with good quality and estimated time. Here is our expertise/specialties : ------------------------------------ All types of social media integration Like Facebook, Google Plus, Twitter. All types of Google API integration Like FCM, Map, Place, Youtube, and Analytics. Storage management with Offline, Online and cloud databases like SQlite, MySql and RealTime database. Online Payment integration with Stripe, Paypal, Braintree etc. Integrate different types of ads network with monetized ads like Appodeal, AdMob,MobVista. InAppPurchase Location Tracking Chatting Application Social media Application Shopping Portal Job Portal Carpooling/Taxi App VPN App Travel App Live Streaming App AI Integration and Machine Learning App Quality work and customer satisfaction through service excellence is our motto. We want to work with you and build a healthy long-term business relationship. Warm Regards, Vishal Nasit Ominfowave Software Services Pvt. Ltd.

@bhbhatia

Greetings of the day! I have gone through the shared description and it seems like you are looking for some pen-tester who can perform an assessment of the defined scope. I have been working with Big4 in the domain of Information Security. I hold an experience of 10+ year in the domain of Vulnerability Assessment & Penetration Testing. Below mentioned is a small description of my experience. I have delivered multiple engagements on areas such as Application Security Assessment, Network Architecture reviews, Vulnerability Assessment, Penetration Tests, Configuration Reviews, Mobile Application Security, Information Security Audits, GE Vendor Assessments, Cloud Security, Maturity Assessment, Phishing & Vishing Simulation, and Source Code Review. I have rendered these services to many global multinational organizations on both small one-time engagements as well as large-scale delivery projects. I have worked with clients across a range of industries, including Information Technology Services, Banking, Financial services(NHB & NBFC), E-commerce, KPO, Automotive, and BPO. I have all professional licensed tools to perform this engagement. List of the licensed tool is mentioned below BurpSuite Acunetix Nessus HPE Webinspect Fortify Kindly message me for sample report. Hope to hear back from you :-)

@hareshfinadiya

Hi, I am Haresh, having 14+ years of experience in Software Testing Industry. - Having unique blend of knowledge in Quality Product Delivery, Processes Management, Functional testing, Integration and regression testing, load and Perfromance Testing which help me to take the Quality of the software to the next level. - Hands on experience on testing Desktop, Web Based, Mobile application and ERP based application. - Hands on experience on automation testing tools on selenium webdriver, jmeter, katalon studio, Appium, cypress, selenium with TestNG freamwork etc.. - Thorough understanding of Product Delivery Life Cycle, Software Testing Life Cycle and Software Development Life Cycle. - Experience in Well conversant with writing Test plan,Test Cases,Bug report, Release Note and Product Health Report. - Worked in various domains like Finance, Retail, Web Portals, Healthcare, ecommnerce, CMS, Eduction Portal, Life Insurance, ERP system etc. - I do have require mobile devices to test mobile view or applications like android and iOS applications. - I have hands on experience with Git, postman, MSSQL Server. Kindly review my profile and let me know you view over the same. Thanks, Haresh

@arehman171

Hi there, I can perform a focused Android security assessment covering Wi-Fi traffic interception and authentication flows in line with OWASP MASVS-AUTH, using tools like Burp Suite, mitmproxy, and Frida. I’ll test TLS/cert pinning, token handling, session security, and brute-force resilience, then deliver a clear, actionable report with severity ratings and remediation steps. After fixes, I’ll re-verify all critical and high-risk findings to ensure the app is secure before release. Let's chat to proceed.

@DigitalNightOwl8

Hi , Good afternoon! Already have something live to show you I am professional mobile engineer with skills including OAuth, Testing / QA, Network Security, Mobile App Development, Android, API Testing, Penetration Testing and Mobile App Testing. Please contact me to discuss more regarding this project. Eager to hear your feedback

@offensiumvault

Hello, Offensium Vault Private Limited can perform an authorized Android application security assessment covering Wi-Fi traffic security and authentication flows (username/password + OAuth). ✔ ISO/IEC 27001:2022 & ISO 9001:2015 certified cybersecurity company ✔ Strong experience in Android pentesting aligned with OWASP MASVS-AUTH ✔ Safe, legal, non-destructive testing on beta build + staging backend Scope: • Intercept and analyze all Wi-Fi traffic • TLS configuration & certificate pinning validation • Token handling, replay risk, MITM & session hijacking checks • Username/password security, brute-force protection, enumeration • OAuth token exchange, refresh logic, reuse & logout invalidation Tooling: • Burp Suite Pro / mitmproxy • Frida / Objection (runtime testing, pinning checks) Deliverables: • Concise PDF report with severity (CVSS/OWASP), repro steps, screenshots/pcaps & remediation • Verification pass after fixes for Critical/High findings You provide the APK, test accounts, and API/OAuth keys. Ready to start immediately. — Offensium Vault Private Limited

@nicolasalexandro

Hey — saw your post about Android App Pen Test, i wanna work and im ready to start immediately.

@fedoraozora

saya akan berusaha mengerjakan pekerjaan ini dengan baik karena saya perlu biaya untuk kuliah dan asalakan diberi penjelasan secara jelas

@raipradeep733

As an experienced backend engineer with a particular adeptness for security, I bring a unique skill set that directly addresses the needs of your Android app pen test project. My deep understanding of Node.js and Express will allow me to effectively analyze the backend of your application, ensuring a thorough examination from all angles. With my proficiency in using tools like Burp Suite Pro, mitmproxy, Frida and the like, I guarantee an insightful penetration testing process. Over my 10+ years in this field, I have continuously emphasized not just identifying vulnerabilities but also providing actionable solutions. This commitment is reflected in my deliverables - a concise PDF report detailed with reproducible steps, screenshots or packet captures and clear remediation advice as per industry standards. Moreover, I believe my work doesn't conclude with the identification of problems but extends to aiding the implementation of fixes. For this reason, my verification pass after applying remedies would ensure that no critical or high-risk items are left unaddressed.

@dushyant317

I bring 13 years of professional experience delivering high-quality results. I have strong expertise in all the required skills listed for this project. My approach ensures accuracy, clear communication, and timely delivery. I am confident I can exceed your expectations with efficient, reliable work. Looking forward to contributing to your project—ready to begin immediately.

@annabellep0

I am a perfect fit for your project requiring a thorough security assessment of your Android app’s Wi-Fi traffic and login flows. I understand the need for a clean, professional, and seamless evaluation focusing on certificate pinning, TLS, token handling, brute-force protections, and OWASP MASVS-AUTH compliance. With expertise in mobile app security, I’ll use Burp Suite Pro and Frida to intercept, analyze, and test vulnerabilities, delivering a user-friendly PDF report with severity ratings, reproducible steps, and remediation advice. While I am new to freelancer, I have tons of experience and have done other projects off site. I would love to chat more about your project! Regards, Annabelle Pretorius

@garronwallace

I’m confident I’m the right person for this project. Your focus on testing wifi traffic security and detailed authentication flows against OWASP MASVS-AUTH standards shows a commitment to a modern, smooth, and secure user experience. I bring deep expertise in mobile app security testing, including intercepting traffic with Burp Suite Pro, verifying TLS and token handling, and assessing authentication logic for vulnerabilities. I’m new to Freelancer, but I have strong real-world experience and have completed many successful projects outside the platform. Let’s talk through your goals — I’d love to help bring this to life. Regards, Garron Levi Wallace

@mikeb09

I'm happy to help with the security assessment of your Android app. I'll test Wi-Fi traffic and login flows, using tools like Burp Suite Pro and Frida. I'll check certificate pinning, TLS config, token handling, and auth mechanisms. You'll get a PDF report with findings, severity levels, reproducible steps, and remediation advice. I'll also verify fixes after they're applied. To get started, I'll need the APK, test accounts, API keys, and access to the staging backend. Looking forward to working with you. Best regards, Mike Banda

@kamaleshp1

I am an Offensive Security–certified OSCP professional with 5 years of hands-on experience delivering comprehensive penetration testing and security assessment services. My expertise includes web, mobile, thick client, API, and network penetration testing, as well as source code reviews and configuration security reviews. I have successfully supported clients across the Gulf region and Europe, helping organizations identify, validate, and remediate security vulnerabilities in complex enterprise environments.

@vaibhavatkale

Hello There I can perform a focused security assessment of your Android app’s Wi-Fi traffic and authentication flows. I’m an eMAPT-certified mobile pentester with 6+ years’ experience, including work for enterprise clients like Mastercard. I’ll intercept and analyse requests over Wi-Fi (TLS, cert pinning, token handling, MITM/session risks) and validate username/password + OAuth flows against OWASP MASVS-AUTH. Tools will include Burp/mitmproxy/Frida. Deliverables: concise PDF report (severity + PoC steps/screenshots/pcaps, remediation guidance) and a short re-test after fixes. We can connect over a call and discuss next steps!

@shahrubina42

I am a Business Analyst with 5 years of experience supporting security assessments and application risk reviews. I will evaluate Wi-Fi traffic and authentication flows against OWASP MASVS-AUTH, focusing on TLS, certificate pinning, token handling, OAuth, and session security. I will deliver a concise, severity-rated report with clear remediation steps and perform a verification pass after fixes. Ready to start immediately.

@rkssjagadish

Hi, I’m Jagadish, a Cybersecurity Analyst and Penetration Tester with experience in Android, API, and OAuth security testing, aligned with OWASP Mobile Top 10. I will perform a complete security assessment of your Android app, focusing on Wi-Fi traffic interception and authentication flows, as requested. Testing Scope MITM testing using Burp Suite Pro / mitmproxy TLS configuration and certificate pinning validation Token leakage, replay, and session hijacking checks Brute-force protection and rate-limit testing Secure credential storage validation OAuth token exchange, refresh, revocation, and logout testing IDOR, privilege escalation, and access control checks Static analysis using MobSF / JADX Dynamic testing with Frida (SSL pinning/root bypass) Business logic and auth-flow flaws Deliverables Concise PDF report with severity (CVSS/OWASP), PoC steps, screenshots/packet captures, and remediation Post-fix verification for Critical and High issues Tools Burp Suite Pro, Frida, MobSF, JADX, adb I’m comfortable working with beta builds, staging backends, test accounts, and API keys. Looking forward to securing your application.

@Amarachi20

Hello, I can perform a focused security assessment of your Android app, covering Wi‑Fi traffic interception and authentication flows (password + OAuth) in line with OWASP MASVS-AUTH. I’ll test TLS, certificate pinning, token handling, MITM risks, brute‑force protection, and session management. You’ll receive a clear PDF report with severity ratings, repro steps, evidence, and remediation advice, plus a verification pass after fixes. I can work with Burp Suite, mitmproxy, and Frida. Best regards, Amarachi