Appicaptor Changelog - October 2016

Top App List can be Integrated
All customers with Appicaptor SmartWeb or Appicaptor Corporate subscriptions can obtain additional access to the results of the current Top2000 app list for iOS and Android. The results are directly available for a reduced additional fee. Contact Appicaptor support for a Top App subscription. The Top App results can be evaluated on their own or combined with the results of the ordered app tests.

Extension in Appicaptor Web Interface
On the overview page of the test results, all entries can now be sorted by any column. Clicking a column name sorts by that column (or reverses the sort order). This makes it easy to sort all result lists by app type, number of risks, or violation of blacklist rules.

Test Cases
Among other things, the vulnerability patterns for communication protection were expanded. The security quality of iOS apps is now also evaluated using their “App Transport Security” configuration. A deviation from the secure default setting, for example to enable unencrypted HTTP connections, is now included in the automatic risk assessment, and the configuration details are listed in the report.

it-sa 2016
We will demonstrate the risks of poor app security quality live at it-sa from 18th to 20th October 2016 in Nuremberg (Hall 12, booth 430), using the example of a trustworthy TV-program app for iOS. When the app is used on public WiFi, attackers can misuse the included Cordova calendar plugin to read or delete any appointments on the iPhone, which can result in the modification or deletion of the appointments on all synchronized devices.