Know Your Customer
If your company is experiencing fraud related to identity validation and biometric verification, we can provide a solution. We help your organization assess the implementation of facial recognition and identity verification SDKs used in mobile applications (Android & iOS), regardless of whether the development is native or hybrid.
During these assessments, our team of professionals performs both static and dynamic analysis to determine whether the SDKs in use are insecure, contain known vulnerabilities, or can be exploited due to their implementation. The goal is to identify weaknesses in the biometric process, improve security, and deliver a detailed technical report with findings and recommendations.
What do we offer?
We help your company improve cybersecurity for We help your company improve cybersecurity for third-party implementations commonly used in mobile KYC processes, by assessing implementations such as:
- Biometric capture and processing
- Liveness detection and its different implementations
- Document validation (depending on the process)
- Anti-fraud controls
- Deepfake protection
- Binary protections or those derived from RASP mechanisms
How do we detect it?
By using Tungstenic (our static and dynamic analysis tool), we can quickly identify which vendor is implemented in each application, as well as how it has been integrated.
Some of the many biometric protections we detect:
What types of tests do we perform?
- We analyze the implementation of KYC SDKs in both native and non-native integrations, reviewing how they are embedded within the application and how they interact with other components, on both Android and iOS platforms. This applies regardless of whether the application is developed natively or using hybrid frameworks (Flutter, React Native, Expo.io, etc.).
- We evaluate vulnerabilities associated with the entire KYC process, including data submission, processing, and data extraction (OCR), with a focus on documents used during identity verification.
- We perform tests focused on modifying, creating, and manipulating documents required in the KYC process, analyzing how the implementation behaves under these scenarios.
- We use tools developed by Just Mobile Security (JMS) to generate and manipulate images, videos, and gestures, including camera spoofing techniques, aimed at evaluating the robustness of implemented biometric controls.
- These types of assessments are often directly related to the analysis of binary protections and RASP mechanisms, which are reviewed and, when applicable, bypassed by the Just Mobile Security team as part of the security evaluation process.