Mobile app penetration testing typically includes "data at rest" and "data in transit" security testing in the context of the mobile application. This is true irrespective of whether it is an Android app, an iOS app or a Windows Phone app.
Penetration testing tools are used as part of a penetration test to automate certain tasks, improve testing efficiency and discover issues that might be difficult to find using manual analysis techniques alone. Two common penetration testing tool types are static analysis tools and dynamic analysis tools. Customers typically expect the app to be security tested end to end. This involves the mobile app binary as well as the backend web services.
Manual penetration testing layers human expertise on top of professional penetration testing software and tools, such as automated binary static analysis and automated dynamic analysis, when assessing high-assurance applications. A manual penetration test provides a wider and deeper approach that ensures a great deal of accuracy, which is imperative for hardening the mobile app against malicious attacks. While a vulnerability assessment finds security problems, penetration testing proves that those findings actually exist and shows ways to exploit them. Penetration testing thus attempts to exploit security vulnerabilities and weaknesses of the app throughout the environment, attempting to penetrate both the network level and key applications.