NowSecure

Category: Mobile
License: Commercial

NowSecure provides automated mobile application security and privacy testing with a focus on data protection compliance.

The platform identifies unauthorized data collection, third-party sharing violations, and insecure storage patterns that could expose sensitive user information.

NowSecure aligns with the OWASP Mobile Application Security Verification Standard (MASVS) and provides both automated testing and expert penetration testing services.

What is NowSecure?

NowSecure is a mobile application security platform that combines automated analysis with professional security services.

The platform performs deep analysis of mobile apps to identify security vulnerabilities and privacy violations that could impact users and violate regulatory requirements.

The platform stands out for its emphasis on privacy analysis.

Modern mobile apps collect vast amounts of user data, often through third-party SDKs that developers may not fully understand.

NowSecure maps data flows to identify what information is collected, where it is sent, and whether it is properly protected.

NowSecure offers both self-service automated testing through NowSecure Platform and guided testing that combines automation with expert analysis.

The company also provides penetration testing as a service for organizations that need comprehensive manual assessments.

Key Features

Automated Security Testing

NowSecure Platform performs automated static and dynamic analysis on iOS and Android applications.

The testing engine evaluates apps against OWASP MASVS requirements, identifying vulnerabilities in authentication, data storage, network communications, and platform interaction.

Automated tests detect:

  • Insecure data storage (SharedPreferences, Keychain misuse)
  • Weak or missing certificate pinning
  • Sensitive data in logs and crash reports
  • Hardcoded credentials and API keys
  • Improper session management
  • Vulnerable third-party libraries

Privacy Analysis

The privacy analysis engine tracks how applications handle user data.

It identifies:

  • Personal information collected by the app
  • Third-party services receiving user data
  • Data transmitted without encryption
  • Information stored in unprotected locations
  • Tracking identifiers and fingerprinting techniques
  • Compliance gaps with GDPR, CCPA, and other regulations

Mobile SBOM Generation

NowSecure generates a Software Bill of Materials (SBOM) for mobile applications, cataloging all third-party SDKs, libraries, and frameworks.

The SBOM tracks known vulnerabilities in dependencies and provides visibility into the mobile software supply chain.

OTT Application Support

Beyond traditional mobile apps, NowSecure tests Over-The-Top (OTT) applications for streaming devices, smart TVs, and gaming consoles.

This includes apps for Roku, Apple TV, Fire TV, and Android TV platforms.

Penetration Testing Services

NowSecure employs security researchers who perform manual penetration testing.

These assessments go beyond automated scanning to identify complex vulnerabilities like business logic flaws, authentication bypasses, and chained attack scenarios.

Integration

NowSecure integrates with CI/CD pipelines to automate security testing during the development process.

GitHub Actions

name: NowSecure Mobile Security

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  security-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build Android App
        run: ./gradlew assembleRelease

      - name: NowSecure Auto Scan
        uses: nowsecure/nowsecure-action@v1
        with:
          token: ${{ secrets.NOWSECURE_TOKEN }}
          app_file: app/build/outputs/apk/release/app-release.apk
          group_id: ${{ secrets.NOWSECURE_GROUP_ID }}

      - name: Check Results
        uses: nowsecure/nowsecure-action/check@v1
        with:
          token: ${{ secrets.NOWSECURE_TOKEN }}
          min_score: 70
          fail_on_high: true

Jenkins Pipeline

pipeline {
    agent any
    environment {
        NOWSECURE_TOKEN = credentials('nowsecure-api-token')
        NOWSECURE_GROUP = credentials('nowsecure-group-id')
    }
    stages {
        stage('Build') {
            steps {
                sh './gradlew assembleRelease'
            }
        }
        stage('Security Scan') {
            steps {
                sh '''
                    pip install nowsecure-cli

                    # Upload and scan
                    ns-cli auto \
                      --token $NOWSECURE_TOKEN \
                      --group $NOWSECURE_GROUP \
                      --file app/build/outputs/apk/release/app-release.apk \
                      --wait

                    # Retrieve results as JSON with a minimum score threshold of 70
                    ns-cli results \
                      --token $NOWSECURE_TOKEN \
                      --format json \
                      --min-score 70
                '''
            }
        }
    }
    post {
        always {
            archiveArtifacts artifacts: 'nowsecure-report.json', allowEmptyArchive: true
        }
    }
}

Azure DevOps

trigger:
  - main

pool:
  vmImage: 'ubuntu-latest'

steps:
  - task: Gradle@3
    inputs:
      gradleWrapperFile: 'gradlew'
      tasks: 'assembleRelease'
      publishJUnitResults: false

  - script: |
      pip install nowsecure-cli
      ns-cli auto \
        --token $(NOWSECURE_TOKEN) \
        --group $(NOWSECURE_GROUP) \
        --file $(Build.SourcesDirectory)/app/build/outputs/apk/release/app-release.apk \
        --wait \
        --output nowsecure-results.json
    displayName: 'NowSecure Security Scan'

  - task: PublishBuildArtifacts@1
    inputs:
      pathToPublish: 'nowsecure-results.json'
      artifactName: 'SecurityReport'

Fastlane Integration

# Fastfile
lane :security_scan do
  gradle(task: "assembleRelease")

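  # Upload to NowSecure. The shell expands $NOWSECURE_TOKEN from the environment,
  # so the secret is not interpolated into the command string that fastlane logs.
  sh('ns-cli auto ' \
     '--token "$NOWSECURE_TOKEN" ' \
     '--group "$NOWSECURE_GROUP" ' \
     '--file ../app/build/outputs/apk/release/app-release.apk ' \
     '--wait')

  # Generate report (token again read from the environment by the shell)
  sh('ns-cli report ' \
     '--token "$NOWSECURE_TOKEN" ' \
     '--format pdf ' \
     '--output ../security-report.pdf')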
end

API Usage

NowSecure provides a REST API for programmatic access:

# Upload application for analysis
curl -X POST \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -F "file=@app-release.apk" \
  "https://api.nowsecure.com/app/upload?group=GROUP_ID"

# Get assessment results
curl -X GET \
  -H "Authorization: Bearer YOUR_TOKEN" \
  "https://api.nowsecure.com/app/ASSESSMENT_ID/results"

# Generate SBOM
curl -X GET \
  -H "Authorization: Bearer YOUR_TOKEN" \
  "https://api.nowsecure.com/app/ASSESSMENT_ID/sbom?format=cyclonedx"
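
The CycloneDX export from the SBOM request above can drive a dependency gate in CI. The following is an added example, not NowSecure's code: it assumes the export is CycloneDX JSON with a top-level `vulnerabilities` array, and the sample document, component names and CVE id are constructed placeholders.

```python
import json

# Constructed sample (placeholder names, versions and CVE id), not real scan output.
SAMPLE_SBOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"bom-ref": "ads-sdk@4.2.0", "name": "ads-sdk", "version": "4.2.0",
     "components": [
       {"bom-ref": "http-client@3.1.0", "name": "http-client", "version": "3.1.0"}]}],
  "vulnerabilities": [
    {"id": "CVE-0000-00000", "ratings": [{"severity": "medium"}, {"severity": "high"}],
     "affects": [{"ref": "http-client@3.1.0"}]}]
}""")

RANK = {s: i for i, s in enumerate(["none", "info", "low", "medium", "high", "critical"])}

def index_components(components, out=None):
    """Map bom-ref -> component, descending into libraries bundled inside SDKs."""
    out = {} if out is None else out
    for c in components or []:
        if "bom-ref" in c:
            out[c["bom-ref"]] = c
        index_components(c.get("components"), out)
    return out

def worst_severity(vuln):
    """Highest severity across all ratings, or "unknown" when none is usable."""
    known = [r.get("severity") for r in vuln.get("ratings", []) if r.get("severity") in RANK]
    return max(known, key=RANK.get) if known else "unknown"

def findings(sbom, threshold="high"):
    """List (component, version, vuln id, severity) at or above threshold; unrated ones count."""
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    by_ref = index_components(sbom.get("components"))
    hits = []
    for v in sbom.get("vulnerabilities", []):
        sev = worst_severity(v)
        if sev != "unknown" and RANK[sev] < RANK[threshold]:
            continue  # rated below the gate; unrated entries fail closed
        for a in v.get("affects", []):
            c = by_ref.get(a.get("ref"), {})
            hits.append((c.get("name", a.get("ref")), c.get("version", "?"), v.get("id"), sev))
    return hits

if __name__ == "__main__":
    hits = findings(SAMPLE_SBOM)
    print("\n".join(f"{sev}: {vid} in {name} {ver}" for name, ver, vid, sev in hits))
    raise SystemExit(1 if hits else 0)  # non-zero exit fails the CI step
```

The vulnerable `http-client` in the sample is nested inside `ads-sdk`, which is why the component index recurses: a flat scan of the top-level `components` list would miss libraries bundled inside an SDK.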

When to Use NowSecure

NowSecure is well-suited for organizations where mobile app privacy and data protection are primary concerns.

Consider NowSecure when:

  • Privacy compliance (GDPR, CCPA) is a regulatory requirement
  • You need to understand what data third-party SDKs are collecting
  • Mobile SBOM generation is required for supply chain security
  • You want both automated testing and access to expert pen testers
  • OTT applications (smart TV, streaming devices) need security testing

The platform works particularly well for consumer-facing applications in industries like finance, healthcare, and retail where user data protection is paramount.

The combination of automated privacy analysis and expert services provides comprehensive coverage of both technical vulnerabilities and data handling risks.