Dear Mariano, Thank you for this question, we will add this information into our page in the near future, we are currently in the process of improving this landing page.
You can see the list of vulnerabilities the service detects in our documentation here https://appscan.bluemix.net/mobileAnalyzer/SCX/documentation As for the analysis, we are using Interactive Application Security Testing, aka GlassBox, which allows us to monitor the application in run time and be indifferent to the language it is written in, so Java or native is not an issue. Just to show the strength of this service, below are links to posts that our security researchers published in the last couple of months about vulnerabilities that were detected with this technology (I hope this doesn't paint this post as a commercial one): http://securityintelligence.com/apache-cordova-phonegap-vulnerability-android-banking-apps http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection Thanks, Eitan On Monday, February 9, 2015 at 4:49:55 PM UTC+2, mariano wrote: > > Dear Eitan, > > is there a white paper or piece of documentation that explain what > analysis is performed and what kind of security vulnerabilities are > detected by this service? > > Regards, > Mariano > > 2015-02-07 19:13 GMT+01:00 Eitan Worcel <[email protected] <javascript:>>: > >> Hi, >> >> We in IBM have built a new service that allows you to easily upload your >> apk file to our site, and receive a security report with details on the >> security vulnerabilities that were found in it. >> I'm the product manager of this service and I would really appreciate it >> if you could let me know what you think of this new service. >> Use this link https://ibm.biz/BdEw9f to register to a free 30 days trial >> >> Thanks, >> Eitan >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] >> <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> Visit this group at >> http://groups.google.com/group/android-security-discuss. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
