Mobile Security Audit & Research Initiative
Our Client’s Backstory
Klika Security Sense, our cybersecurity research division, identified a vulnerability gap within the digital landscape of Bosnia and Herzegovina (BiH). With over 3.5 million mobile subscribers—surpassing the national population—and a growing mobile internet user base, the security of local applications has become a matter of importance. As a technical partner in the region, Klika initiated this research project to evaluate the security posture of the mobile ecosystem across the Finance, Government, Food, and Media sectors, aiming to establish digital safety standards.
The Challenges
The primary obstacle was a lack of awareness and documentation regarding mobile application security. Key challenges included:
Escalating Cyber Threats: An increase in sophisticated attacks, including DDoS, card theft, and ATM network breaches, primarily targeting the banking sector.
Data Exposure: Frequent occurrences of PII (Personally Identifiable Information) leaks due to insecure logging and storage practices.
Fragmented Security Standards: The absence of a data-driven baseline to guide local organizations in fortifying their mobile infrastructures.
Architectural Vulnerabilities: Many local applications lacked protection against threats like repacking, cloning, and Man-in-the-Middle (MitM) attacks.
Solutions
Klika conducted a security audit of approximately 100 mobile applications, utilizing industry-standard penetration testing and vulnerability assessment frameworks. Our solution included:
Comprehensive Application Audit: Executed audits of 100 applications, spanning diverse sectors to identify systemic security deficits.
Multi-Vector Vulnerability Assessment: Targeted critical risk areas, including PII leakage in system logs, phishing susceptibility, and network proxy vulnerabilities.
Man-in-the-Middle (MitM) Testing: Performed analysis to evaluate the integrity of encrypted HTTPS data and susceptibility to interception.
Decompilation & Integrity Analysis: Assessed protection levels against application repacking and cloning to prevent malicious modifications.
Local Data Encryption Review: Conducted deep-dive audits of local database storage to ensure compliance with modern encryption standards.
Sector-Specific Risk Mapping: Categorized findings by industry to provide actionable security recommendations.
The Results
The research project provided the first comprehensive data-driven map of the regional mobile security landscape, revealing areas for remediation.
Baseline Security Mapping: Established an average national safety score of 40 out of 100, providing local organizations with a clear benchmark for improvement.
Financial Sector Insights: Identified that the financial sector was the most vulnerable, with native banking apps scoring as low as 24 out of 100.
Identification of High-Risk Vulnerabilities: Revealed a national average CVSS score of 5.4, categorizing the majority of local applications as "middle-risk" assets.
Strategic Public Impact: The publication of findings prompted local institutions to adopt more rigorous security protocols.
Regional Thought Leadership: Solidified Klika’s position as an authority on cybersecurity in the region, driving a conversation on digital safety.
Technology Stack
Vulnerability Assessment Frameworks, Penetration Testing Tools, Native iOS/Android Security Audits, Network Proxy Analysis, CVSS Scoring








