Overview
Bugsmirror RunLock is an advanced dynamic application security testing tool that offers runtime vulnerability detection in Android and iOS mobile applications by running apps on real physical devices. RunLock is known for assessing over 30 runtime threats.
This is an automated tool that provides results within 24 business hours, making the testing and deployment process easier and less time-consuming. The report highlights vulnerabilities and provides actionable recommendations, including PoC and steps for reproduction, helping you strengthen your app’s security against dynamic and runtime threats.
How Bugsmirror RunLock works:
Bugsmirror RunLock is an automated tool; it just requires an APK file or ipa file. It tests the app against different runtime threats, identifies security bypasses, and provides a report within a few hours, which makes it very time-efficient and with no false positives.
-
Assess how the app behaves under adversarial runtime environments (rooted/jailbroken, emulator).
-
Simulate dynamic attacks using hooking frameworks (e.g., Frida, Xposed, Magisk) and analyze bypass success.
-
Identify runtime integrity issues like tampering, or unauthorized memory/code modifications.
-
Evaluate protections against screen mirroring, remote control, overlay attacks, tap jacking, and keylogging.
-
Review real-time network usage for secure connections and detection of proxy/VPN misuse.
-
Benchmark the application’s runtime resilience against common tools used in mobile exploitation.
Why Choose RunLock:
- Threat severity level (high/medium/low) to take measured actions.
- Give the report in 24 business hours.
- CVSS risk scores (Common Vulnerability Scoring System).
- Government guidelines and industry standard-aligned categories (including RBI, NPCI, OWASP MASVS, etc.).
- Attempts are made to bypass existing app security measures. Pass/fail/bypassed results.
- Make it easier for developers to fix issues, for leaders to understand risk, and for compliance teams to use the findings for audits.
RunLock Dashboard Overview
The RunLock tab provides a summary of your scanning activity:
- Total Scans: Total number of scans performed.
- Completed: Scans successfully completed.
- Failed: Scans that failed due to technical issues.
- Pending: Scans yet to start.
- Processing: Scans currently in progress.
Start a new DAST scan by clicking on the + New Release button.
All scanned files are listed below and can be easily searched using the search bar.
You can also download a sample report directly from the MASST portal.