Presentation done on Bsides Lisbon 2015 alongside Herman Duarte.

Based on our experience on testing mobile applications, both on Android and iOS, we challenged ourselves on doing an assessment of both app stores’ applications, using OWASP mobile top 10 as a reference in terms of vulnerabilities to search for. As a criteria for choosing the apps to test, we focused on the most common mobile applications available in the Portuguese Android and iOS app stores, from several categories such as finance, social media, medical and security. For this talk we expect to highlight the most interesting design choices both good and bad and what should be done to avoid such mistakes.