This Tool Helps You Build Secure Mobile Apps
- Rendezvous
- 3.6K
Mobile phones have become an indispensable part of our life and these days there is an app for everything. A recent study has shown that Americans check their phones 80 times a day and Millennials Check Their Phones 150 Times a Day.
The worst case is when you lose your privacy, in September 2018, 90 million Facebook user accounts were exposed by a security breach. With this kind of situation, it’s very important for the app developers as well as end users to take care of their privacy and safety of their app usage. This is where AppScanOnline comes into the picture, it helps app developers to scan their app for any vulnerabilities and stay alert all the time.
Research Stash had a chance to talk to the creators of AppScanOnline and learn what inspired them to build this platform.
Can you tell us about your founding team members and what inspired you to build AppScanOnline?
AppScanOnline was originally developed by the Institute for Information Industry’s Cybersecurity Technology Institute (CSTI) as the brainchild of Mr. Jack Tien, Deputy Director and Ms. Emmily Tien, Section Manager.
It was initially called Crystal Mobile Application Scan (CMAS) and was solely available (in the Chinese language) for the Taiwan market as a manual service offering with no e-commerce functionality.
As the service was well received, but not yet global ready, CSTI inquired if III’s International Division could identify a partner to assist in the internationalization efforts.
International Division’s Alf Lien reached out to Solomonic’s CEO, Mr. Lester Neo, a leading Singapore eCommerce system integrator with over 15 years of experience successfully running the eCommerce websites for high profile brands such as Singapore Airlines, Hong Kong Air and Changi Recommends, to name a few, to develop a professionally designed, English language version of CMAS, later rebranded as AppScanOnline by integrating with the CMAS backend which is jointly run by Solomonic and III.
How does AppScanOnline work?
III powers the core engine for AppScanOnline dynamic and static analysis technology to provide Mobile App Automated vulnerability detection, identifying OWASP action security risks, as well as Industrial Development Bureau App standards.
For mobile App developers, simply upload the mobile App installer file (.apk files for Android and .ipa files for iOS) to the website and after few minutes (depending on the complexity of the mobile App), a detailed report will be generated.
There is a free trial version (in which a basic outline report is created) as well as Professional and Pay-Per-Use options (which provide a detailed analysis report and an Endorsement Certificate)
How different is AppScanOnline compared to other tools?
There are numerous competitors both paid (Ostorlab, Quixxi, NowSecure, etc.) as well as free options (Nviso Apk Scan). ASO differs from them due to the easy-to-use interface and the insightful generated reports, which provide an accurate snapshot of the mobile app vulnerabilities based on the latest OWASP industry standard guidelines.
What are the greatest challenges you faced while pursuing the idea of AppScanOnline and how did you address them?
One of the greatest challenges is how to build up word of mouth for the website as well as how to be in compliance with the General Data Protection Regulations (GDPR), which the website team is working on supporting in the near future.
How does AppScanOnline intend to penetrate the domestic & international market?
For the international market, to build up our online presence, we are doing a multi-pronged marketing strategy.
We are also maintaining a blog, which curates industry-relevant news and posts timely notices such when we do schedule server upgrades. We are also cultivating our target audience through social media channels such as Facebook and LinkedIn to raise awareness.
For the domestic market, we partnered with organizations such as the Mobile Application Security Alliance and will contact other companies and organizations related to mobile development such as accelerators and incubators.
What is your business model?
The ASO business model is subscription based. We offer a Pay-Per-Use ($99 USD) or annual Professional service options ($599 USD/year) and will be doing promotional campaigns throughout the year.
What is your plan for the future and where do you see AppScanOnline in the next five years?
As Institute for Information Industry and Solomonic are continuously developing other online services such as an upcoming IoT cybersecurity service, we plan on offering these additional services in our product roadmap and will definitely keep the Research Stash posted and invite you and interested audiences to our exclusive beta testing phases.
Anything exciting happening in the near future?
Many things, as mentioned, an expansion of the testing services is coming up and we have a special promotion for Research Stash readers. Instead of the usual $99 USD for the Pay-Per-Use, we are offering $30 USD. Just type in the Promo Code: RS-30 to take advantage of this special offer.
Did you scan your app for FREE on AppScanOnline? Let us know your experience in the comments below
If you liked this article, then please subscribe to our YouTube Channel for the latest Science & Tech news. You can also find us on Twitter & Facebook.