Ostorlab's Insecure Flutter Apps: A Playground for Learning and Testing Mobile Security
Ostorlab has open-sourced two Flutter applications, designed to be intentionally insecure for testing and educational purposes. The apps, one native to iOS and the other a Java/C++/Flutter app, highlight a variety of common mobile app vulnerabilities. Available under the Apache-2.0 license, they serve as practical resources for understanding Flutter security.
Mon 10 July 2023
zCamera, 100M+ installation app, from remote compromise to data leaks
This article is a technical deep dive, showing how a 100M+ installation image application can exp...
Tue 04 July 2023
New Features & Fixes in July 2023
We're excited to bring you a host of enhancements and features: open-source Flutter vulnerability...
Sat 01 July 2023
AI-powered recommendations and fixes, Improved Flutter Detection, and much more
The new release brings a new AI Engine for improved recommendations, powerful new additions to Fl...
Mon 26 June 2023
Secure Mobile Biometric Authentication: Best Practices and Implementation Guidelines for Kotlin, Swift, and Flutter
In this Article, we define a secure implementation of mobile biometric authentication and provide detailed implementations in the 3 main modern mobile languages, namely Kotlin for Android, Swift for iOS, and Dart for Flutter multiplatform applications.
Flutter Reverse Engineering and Security Analysis
Article on Static and Dynamic analysis techniques for Reverse engineering Flutter Applications. The article goes over runtime patching, custom ABI interception and traffic interception.
Latest posts
Enhanced Security Features, New Automation Rules, and Flexible Yearly Plans for Improved User Experience
Latest release includes several enhancements such as faster navigation, weekly reporting, an export to CSV feature, new vulnerability detections, improved 2-FA authentication, dynamic routing extraction from popular web frameworks, new automation rules for workflow streamlining, and more flexible yearly plans allowing users to utilize testing slots as needed without loss during inactivity.
Mon 01 May 2023
Strategies for writing super fast Python
In this article, we look at different ways to improve the performance of Python which is an interpreted language.
Tue 18 April 2023
Automation rule policies, Artifacts redesign, improved detection and much more.
An overview of all the new features of the Ostorlab platform and its detection capabilities.
Fri 14 April 2023
GodFather Android Malware Analysis
In This article, we analyze the GodFather Android malware, which continues to appear in various formats and primarily targets banking and cryptocurrency applications to steal money and sensitive information for the users.
Fri 14 April 2023
Ostorlab Achieves SOC2 Type 2 Certification for Commitment to Security and Data Protection
Ostorlab has successfully completed its SOC2 Type 2 audit, demonstrating its commitment to security and data protection.
Wed 12 April 2023
Enhanced Attack Surface Detection: Introducing Faster Scans, Mobile App Attack Surface, and Improved Navigation Features
Significant improvements made to the attack surface detection platform, such as advanced asset filtering, search features, quick action buttons, and bulk asset import; it also mentions the ability to track mobile applications' attack surfaces, faster scanning speeds, and a new scan insights feature providing actionable security feedback.
Sat 01 April 2023
Improved automation rules, export options, UI, and support.
Improved automation rules, export options, UI, and support. Added features for search, history details, and saving searches. Fixed bugs and optimized performance.
Wed 01 March 2023
Fix it! at Ostorlab
Ostorlab's Fix it! practice is one of our most successful engineering practices helping us eradicate bugs and kill technical debt.
Sun 19 February 2023
Changelog
View all changesMobile Benchmarking, Monkey Tester Reliability, and Deeper Web Crawling
Tue 23 September 2025