Date: 2024-05-24

Bishop Fox Mobile Application Security Assessment Description

Bishop Fox Mobile Application Security Assessment is a professional penetration testing service that provides manual and dynamic analysis of Android and iOS mobile applications. The service follows the OWASP Mobile Security Testing Guide (MSTG) and OWASP Mobile Application Verification Standard (MASVS) methodologies to identify security vulnerabilities.

The assessment includes binary and file-level analysis to identify vulnerabilities in mobile applications, regardless of source code availability. When source code is provided as part of a Hybrid Application Assessment, consultants use it to validate and locate vulnerabilities. Without source code, the team attempts to reverse engineer the application binary to reconstruct source code and identify security issues.

Testing covers the OWASP Top 10 Mobile Risks, including Improper Platform Usage, Insecure Data Storage, Insecure Communication, Insecure Authentication, Insufficient Cryptography, Insecure Authorization, Client Code Quality, Code Tampering, Reverse Engineering, and Extraneous Functionality. The service includes runtime patching, network interception, filesystem storage analysis, device keystore storage examination, binary reverse engineering, and server-side testing. Consultants also inspect application APIs and dynamically instrument application binaries to identify business logic issues.

The team uses virtualized mobile devices to conduct assessments, providing testing efficiency without managing physical devices. Reports are customized to the specific application and organization, providing actionable security guidance beyond generic risk ratings.