(929) 590-5818 [email protected]
en
en

Case Study: Andromeda Systems – Mobile App Pentest with Reverse Engineering

Client:
Andromeda Systems — a company specializing in the development of mobile and web applications, RPA, and AI services
Industry:
Software Development
Focus:
Securing applications that interact with client systems and handle sensitive data
Main challenge:
Identifying critical vulnerabilities in the app before release to prevent system compromise and data leakage
Market:
International
Services provided:
reverse engineering, full grey-box pentest using SAST, DAST
Key Takeaways
  • Conducted a grey-box app pentest using SAST, DAST, and reverse engineering
  • Identified critical vulnerabilities that could have led to data leaks; improved resilience to attacks
  • Delivered a final report with security enhancement recommendations to be implemented in future releases
    • 100%
    coverage of critical security elements
    2
    weeks instead of the planned 3 — project duration
    IPO file
    fully analyzed for vulnerabilities
    Case Study: Andromeda Systems – Mobile App Pentest with Reverse Engineering
    May 10, 2025
    14 min
    Is the app secure enough before release? Andromeda Systems reached out for a comprehensive security assessment of their product. In just 2 weeks, Datami performed a grey-box pentest, analyzed the IPO file, conducted reverse engineering, and discovered critical vulnerabilities. As a result, the client received detailed recommendations and significantly enhanced the mobile app's cybersecurity.

    Andromeda Systems is a mid-sized IT company specializing in the development of mobile and web applications, as well as the implementation of solutions based on RPA and artificial intelligence. The company’s products help clients automate business processes.

    For Andromeda, information security is a strategic priority, as even a single vulnerability in an application can lead to the leakage of sensitive data, posing reputational risks and potential financial losses.

    Objectives and challenges
    Andromeda Systems planned to perform a security assessment either before or shortly after the release of its mobile application. The client wanted to ensure that the product did not contain critical flaws that could pose security threats.

    The goal of the project was to identify potential threats, assess risk levels, and provide practical recommendations to enhance cyber resilience.
    • Conduct a full grey-box pentest using SAST, DAST, and reverse engineering
    • Analyze the application's IPO file and related components
    • Identify vulnerabilities, assess their severity, and provide reports with recommendations
    icon
    Penetration testing
    Grey-box pentest using SAST, DAST, and reverse engineering
    icon
    IPO file and components
    Security analysis of the app’s IPO file and related components
    icon
    Report and recommendations
    Final report with identified risks and recommendations
    Datami Methodology: Security Assessment for Andromeda Systems
    Our approach

    Datami conducted a comprehensive security assessment of the Andromeda Systems mobile application, focusing on the analysis of the IPO file, internal components, and service logic.

    The core method was a grey-box pentest. We combined static (SAST) and dynamic (DAST) analysis with reverse engineering, which allowed us to uncover non-standard threats.

    Testing was performed both manually and using specialized tools, providing a complete picture of the application’s security posture.

    Despite limited input data, the team identified critical threats and provided actionable recommendations to enhance cybersecurity.

    Gray-box
    Gray-box
    The testing was conducted with partial access to internal data, enabling realistic attack simulations and identification of system weaknesses without being overly invasive.
    Key project stages and solutions

    As part of the project, Datami conducted a thorough technical assessment of Andromeda’s mobile application, tailoring the approach to the architecture specifics and the characteristics of the provided IPO file.

    The main focus was on analyzing security components, including reverse engineering, SAST, DAST, and the verification of application logic.

    • Preparation
      Assessment of the available information, clarification of technical parameters, and development of a testing plan tailored to the mobile environment.
    • Pentesting execution
      Grey-box penetration testing with SAST/DAST analyses, reverse engineering of the IPO file, and both manual and automated checks of logic, authorization, and data processing.
    • Analysis and reporting
      Documentation of identified vulnerabilities, formulation of recommendations, and delivery of a detailed security assessment report.
    Cybersecurity starts with action
    How we can help you?

    Every cybersecurity case study we solve involves deep analysis, tailored solutions, and measurable results.
    Datami has already helped over 600 companies strengthen their digital defenses — and we can do the same for your business.
    Ready to take action?

    Let’s start with a free consultation!
    Results and recommendations
    Fewer critical risks — more confidence
    Results and recommendations

    At the start of the project, the Andromeda application required an in-depth security assessment due to the potential for critical vulnerabilities in data processing logic, authorization, and API interactions.
    During the grey-box pentest, which included elements of reverse engineering, the Datami team identified several security issues, including critical and medium-level vulnerabilities that could have led to the leakage of confidential information.

    The recommendations covered:

    1. Improving authorization logic and input validation
    2. Enhancing error handling and protection against API misuse
    3. Implementing regular technical audits and pre-release testing
    4. Scheduling periodic technical calls to align security priorities

    As a result of the testing, the system became significantly more resilient to attacks, the overall risk level was substantially reduced, and the client received a structured report with actionable next steps.

    The project was successfully completed within the planned 2-week timeframe — faster than the industry average. The recommendations provided formed the basis for further improvements in the company’s cybersecurity processes.

    Our certificates
    Key project takeaways

    Thanks to Datami’s testing, Andromeda Systems significantly enhanced the security of its mobile application within just two weeks.

    The client gained a clear view of existing threats, achieved a reduced risk level, and received a well-defined action plan for ongoing improvements.

    This case study demonstrated that tech companies developing complex digital products require regular security assessments to minimize financial risks and maintain customer trust.

    Aspect
    Before the project
    After implementation
    Security posture
    High risk of data leakage and unauthorized access due to lack of application testing
    Data leakage and access risks significantly reduced after pentesting
    Critical vulnerabilities
    Potential compromise due to unhandled authorization and validation scenarios
    Critical vulnerabilities identified; protection recommendations provided
    Access risks
    Possibility of unauthorized user access or actions within the system
    Recommendations implemented to strengthen access control and logic
    Security compliance
    Partial compliance with internal policies and practices
    Overall compliance with security requirements improved
    Timeline
    Typical duration for similar projects exceeds 3 weeks
    Project completed faster — in just 2 weeks
    More success stories with Datami
    Browse other project case studies
    Case Fraudline: Scheduled Pentest of a Whistleblowing Platform

    Case Fraudline: Scheduled Pentest of a Whistleblowing Platform

    • Identified 6 technical vulnerabilities: 5 low-risk and 1 informational
    • Performed additional manual testing of business logic
    Services:
    automated gray-box pentest, audit of secure coding practices, additional manual review of business logic
    May 30, 2025
    P2P Platform Case Study: Comprehensive Security and GDPR Compliance Audit

    P2P Platform Case Study: Comprehensive Security and GDPR Compliance Audit

    • Identified 10 vulnerabilities, including 3 critical ones
    • Improved GDPR compliance and avoided potential financial losses of up to $300,000
    Services:
    Penetration testing, smart contract audit, code security review, testing for SQLi, XSS, and RCE vulnerabilities, OSINT analysis, and cloud infrastructure security assessment
    May 27, 2025
    Case Study Grindset Software: Payment System Pentest for PCI DSS Compliance

    Case Study Grindset Software: Payment System Pentest for PCI DSS Compliance

    • Conducted a black-box penetration test of critical payment system components
    • Discovered 15 vulnerabilities; 5 critical issues were resolved within 48 hours
    Services:
    Black-box penetration testing of the payment system, including assessment of web applications, servers, databases, and communication channels
    May 11, 2025
    Back to all cases
    Security image
    Ready to assess your project's security?
    Contact Datami — we’ll help you identify risks, strengthen your cybersecurity, and confidently pass certification.
    Datami articles
    Datami at the Barcelona Cybersecurity Congress 2025: New Horizons in Cybersecurity Datami Newsroom
    Datami Newsroom

    Datami at the Barcelona Cybersecurity Congress 2025: New Horizons in Cybersecurity

    Datami took part in the Barcelona Cybersecurity Congress 2025, one of Europe’s key events dedicated to cybersecurity innovations and technologies.

    Jun 3, 2025
    Why Your Smartphone Is at Risk: 5 Common Myths About Mobile Security Datami Newsroom
    Datami Newsroom

    Why Your Smartphone Is at Risk: 5 Common Myths About Mobile Security

    Most of us take careful care of our smartphones, protecting them from scratches, drops, or other physical damage. But when it comes to digital security, many people ignore potential threats. Cybercriminals eagerly take advantage of this negligence...

    Jun 3, 2025 5 min
    TOP 5 Largest Cryptocurrency Hacks in History Datami Newsroom
    Datami Newsroom

    TOP 5 Largest Cryptocurrency Hacks in History

    The cryptocurrency industry is still in its formative stage, and its highly complex technologies are not always adequately protected. In addition, inexperienced users often make serious mistakes in securing their assets. This creates various opportunities

    Jun 3, 2025 4 min
    Show all articles
    Order a free consulidation
    By submitting this form, I confirm that I have read and agree to the Privacy policy
    We value your privacy
    We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Cookie policy