# llms.txt — LLM context file for mobile.vibehack.dev
# Specification: https://llmstxt.org
# Last updated: 2026-05-17

# Mobile Security Assessment Tool

> Free, browser-based DIY mobile application security assessment platform covering OWASP Mobile Top 10 2024 for iOS and Android applications.

## What this tool does

The Mobile Security Assessment Tool helps security professionals, developers, and organisations evaluate their iOS and Android applications against the OWASP Mobile Top 10 2024 — the first major update to the standard since 2016.

**No login, no installation.** Everything runs in the browser.

## OWASP Mobile Top 10 2024 Categories Covered

- **M1 – Improper Credential Usage** (Critical): Hardcoded credentials, insecure storage, session token mismanagement
- **M2 – Inadequate Supply Chain Security** (High): Third-party SDK vulnerabilities, dependency scanning, code signing
- **M3 – Insecure Authentication/Authorization** (Critical): Weak auth, MFA, biometrics, session management
- **M4 – Insufficient Input/Output Validation** (High): Injection attacks, WebView security, deep link validation
- **M5 – Insecure Communication** (Critical): TLS 1.2+, certificate pinning, App Transport Security
- **M6 – Inadequate Privacy Controls** (Medium): GDPR/CCPA, data minimisation, consent management
- **M7 – Insufficient Binary Protections** (Medium): Code obfuscation, anti-tampering, root/jailbreak detection
- **M8 – Security Misconfiguration** (High): Debug flags, permissions, manifest hardening
- **M9 – Insecure Data Storage** (Critical): Encryption at rest, Keychain/Keystore usage, database encryption
- **M10 – Insufficient Cryptography** (High): AES-256, key management, secure RNG, forward secrecy

## Platform-Specific Checks

### iOS

Keychain API, App Transport Security (ATS), Face ID / Touch ID, Sign in with Apple, Secure Enclave, CryptoKit, Data Protection API, Privacy Manifest, App Tracking Transparency, entitlements hardening, background mode restrictions.

### Android

Android Keystore, BiometricPrompt API, SafetyNet / Play Integrity attestation, Network Security Config, EncryptedSharedPreferences, SQLCipher, ProGuard/R8, AndroidManifest hardening, exported component security, Jetpack Security library.

## How to use

1. Open https://mobile.vibehack.dev/
2. Select platform: iOS, Android, or Both
3. Expand any OWASP category card to reveal detailed security checks
4. Tick each control as you verify it in your application
5. Progress bars update in real-time — no data is sent to any server

## CISO Marketplace Ecosystem

This tool is one of several free micro-tools published under the CISO Marketplace / vibehack.dev ecosystem:

- **Vibe Development Hacking** – https://vibehack.dev/
- **DevSecOps Assessment** – https://devsecops.vibehack.dev/
- **API Security** – https://api.vibehack.dev/
- **Cloud Security Assessment** – https://cloudassess.vibehack.dev/
- **Container Security** – https://container.vibehack.dev/
- **AI Risk Assessment** – https://airiskassess.com/
- **Compliance Assessment** – https://compliance.airiskassess.com/

## Key statistics (2026)

- 7.1 billion smartphone users worldwide
- Mobile apps account for 72% of digital interactions
- Mobile malware growing 65%+ YoY (accelerated from 54% in 2024)
- $23 billion+ lost to mobile fraud annually (up from $16.9B in 2024)
- 96% of organisations have at least one unaddressed mobile security gap
- Mobile vulnerabilities linked to 45%+ of personal data breaches

## Emerging threats (2026)

- AI-powered social engineering & real-time deepfake biometric bypass
- SDK supply chain compromises (now affecting 45%+ of mobile apps)
- "Harvest now, decrypt later" quantum-ready attacks
- 5G/6G MITM and ultra-low-latency interception vectors
- Expanded IoT/wearable attack surface via mobile hub apps
- Global privacy regulation enforcement (GDPR, CCPA, LGPD, PIPEDA) targeting mobile apps

## Optional extras

- [Sitemap](https://mobile.vibehack.dev/sitemap.xml)
- [robots.txt](https://mobile.vibehack.dev/robots.txt)