Verify the build.
Project the evidence.
Sign the report.
Veriferium runs static, dynamic, and network analysis against your mobile builds — iOS and Android — and correlates the findings into one pipeline. Every report leaves the system through a single, report-safe projection profile: claim, evidence, caveat, signed off.
The Veriferium pipeline
A signed build enters once. Three analyzers run in parallel. Findings correlate. A single profile projects what leaves.
One pipeline, three vantage points.
Most mobile security tooling forces you to wire static, dynamic, and network analysis together yourself — if it even runs them at all. Veriferium orchestrates all three against the same build, in the same scan, and lands their findings in the same graph. That’s how a manifest permission, a runtime hook, and an outbound request become one attack chain instead of three open tabs.
Three analyzers, built to disagree.
A finding that survives static analysis, gets re-confirmed by runtime instrumentation, and lines up with a real network request is a finding worth surfacing. The rest get caveated, ranked, or held back.
AST and manifest correlation across iOS and Android, with hardcoded-secret detection, permission graphing, and binary inspection.
- iOS + Android binary & source
- Secrets, certificates, taint sources
- Permission & capability mapping
- 67 generated plugins
Real runtime instrumentation: hand-authored Frida hooks, policy-gated UI driving, and operator-grade manual sessions.
- Frida hook runtime with full inventory
- UI driving v2 (UIAutomator + scripted)
- Manual driving over auth’d WebRTC
- Provider-check: fail-closed, no-network
Hosts, endpoints, taint flows. We capture what flows out of the app and what flows back — then summarize it without leaking it.
- TLS / pinning · host inventory
- Endpoint taxonomy & counts
- Source → sink taint summaries
- Bodies stay inside the boundary
A boundary between what we see and what we say.
Veriferium’s analyzers see authorization headers, request bodies, runtime memory, and proof payloads. Reports don’t. Every export passes through one projection profile that surfaces findings, summarizes evidence, and seals raw material behind an audited vault. The same discipline applies to API responses, the UI, and SARIF.
What the analyzers see.
Internally, Veriferium captures the full picture — headers, bodies, proof code, taint values — and seals it into an encrypted vault with audit and retention policy.
What every report contains.
Externally, every consumer — PDF, SARIF, an API client — reads the same projection: claim, evidence reference, plain-language caveat. No raw bodies, no proof code.
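As an added illustration of that boundary (example code written for this page, not Veriferium’s own), here is a projection step in Python: it takes one constructed internal finding, replaces its sealed material with an opaque vault reference, derives the caveat from which analyzers confirmed it, and refuses to emit the result if any raw value has been echoed into the report text.

```python
import hashlib
import json

# Constructed sample, not Veriferium data: an internal finding with raw material that must stay inside the boundary.
INTERNAL_FINDING = {
    "claim": "Session token leaves the app to an unpinned host",
    "analyzers": ["static", "dynamic"],
    "headers": {"Authorization": "Bearer tok_constructed_123"},
    "body": '{"session": "tok_constructed_123"}',
    "proof": "Interceptor.attach(Module.getExportByName(null, 'SSL_write'), ...)",
}
ANALYZERS = {"static", "dynamic", "network"}
ALLOWED_KEYS = {"claim", "evidence_ref", "caveat", "analyzers"}  # what a report may carry
SEALED_KEYS = {"headers", "body", "proof", "taint_values"}       # what only the vault keeps

def seal(raw: dict) -> str:
    """Stand-in for the vault: hand back an opaque reference, never the content."""
    digest = hashlib.sha256(json.dumps(raw, sort_keys=True).encode()).hexdigest()
    return "vault:" + digest[:16]

def caveat_for(analyzers: set) -> str:
    """Plain-language caveat naming the analyzers that did not confirm the finding."""
    missing = sorted(ANALYZERS - analyzers)
    if missing:
        return "Not confirmed by " + ", ".join(missing) + " analysis."
    return "Confirmed by static, dynamic, and network analysis."

def _leaves(value):
    # Yield every scalar inside a nested dict/list as a string.
    if isinstance(value, (dict, list)):
        for v in (value.values() if isinstance(value, dict) else value):
            yield from _leaves(v)
    else:
        yield str(value)

def validate(projected: dict, raw: dict) -> None:
    """Fail closed: reject unexpected keys or any raw value echoed into the report."""
    if set(projected) - ALLOWED_KEYS:
        raise ValueError("non-projected keys in report")
    report_text = " ".join(_leaves(projected))
    if any(s and s in report_text for s in _leaves(raw)):
        raise ValueError("raw evidence leaked into projection")

def project(finding: dict) -> dict:
    """Reduce an internal finding to claim, evidence reference, caveat, provenance."""
    raw = {k: finding[k] for k in SEALED_KEYS if k in finding}
    analyzers = set(finding["analyzers"])
    projected = {"claim": finding["claim"], "evidence_ref": seal(raw),
                 "caveat": caveat_for(analyzers), "analyzers": sorted(analyzers)}
    validate(projected, raw)
    return projected
```

The same `validate` step can sit in front of every export path, so a claim string that happens to quote a header fails before it reaches a PDF, SARIF file, or API response.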
Drive the app like a user.
With a policy that never blinks.
UI Driving v2 turns a real device session into a deterministic, auditable test — whether your operator is tapping the screen by hand or replaying a scripted flow. Every action passes a default-deny policy before it touches the device.
Manual sessions over authenticated WebRTC.
Operators connect to a live device through an authenticated WebRTC session. Coordinates map browser-to-device, gestures pass through the policy gate, and a clean-up path releases provider resources on stop or failure.
Findings that explain themselves.
Every cross-finding chain is built as a verifiable attack graph: which static source enables which runtime hook, which in turn writes to which network sink. Each node carries its own evidence and projection state.
Anatomy of a verifiable chain.
A storyboard, not a CSV. Each step is a finding with its own analyzer provenance, evidence reference, and caveats. Path-source limits are surfaced rather than hidden — you can always see where the graph ends.
Seven export formats.
One projection profile.
Whether a finding leaves the system as a PDF for an auditor, a SARIF file for CI, or a JSON bundle for an engineer, it passes through the same projection. Allowed phrasing is validated automatically. SARIF is forced through the safe profile for CI consumption.
Format coverage.
Pick the surface that fits your audience. Every format is generated from the same projection — there’s no “raw mode.”
Mapped to the standards your auditors already trust.
Findings, evidence references, and projection metadata are mapped to industry standards to support your assessment workflow — a traceability matrix instead of a screenshot. Coverage is reported qualitatively; Veriferium maps evidence rather than asserting formal compliance.