iOS Security Audits & Mobile App Penetration Testing
OWASP MASVS reviews, Secure Enclave and Keychain hardening, jailbreak and instrumentation defence, regulated-environment compliance. The output is a prioritised remediation list with reproduction steps and the specific code change for each finding. At LivaNova I ran OWASP MASVS audits on a patient-data medical app and pushed it past 70% compliance.
- OWASP MASVS L1 / L2 / R reviews: L1 for consumer apps, L2 for finance and health, R for apps with dedicated adversaries
- Secure Enclave, Keychain, and File Protection configuration audits
- jailbreak detection and anti-Frida hardening for apps with real adversaries
- offensive testing with Frida and mitmproxy — verifying your defences hold against real attack tools
What clients say
"Vadim was instrumental to the success Epsy enjoyed on iOS, taking it from an idea on a Miro board to the highest rated and most downloaded app of its kind on the store."
James C. · Mobile Engineering Lead, Epsy
"We had a strict deadline, and Vadim managed to complete the job in time. He gave us meaningful feedback and suggested better approaches, not trying to blindly stick to our specification."
Founder · Pre-seed streaming service
"I can say with confidence that it will be difficult to find a better developer. Vadim is achievement-oriented, highly organized, with very good communication skills."
Alex Z. · Co-Founder, eda.so
Common engagements
Full iOS security audit
A MASVS-aligned report. Every finding includes reproduction steps on a real device, severity scored against your threat model, and the exact code change to ship.
Pre-submission review
Half-day to two days. I find what App Review, enterprise IT, or an external assessor will flag, before it costs you a cycle.
Remediation sprint
I pair with you (or your engineers if you have them) and ship the fixes from the audit. Works when a client audit flagged issues and the timeline is tight.
Questions
Who does iOS security audits and penetration testing for UK or regulated clients?
I do, client-side specifically. The output is a MASVS-aligned report with reproduction steps on a real device and the exact code change for each finding - at LivaNova I ran OWASP MASVS audits on a patient-data medical app and took it past 70% compliance. A small consumer app is 3-5 days; a regulated app with SDKs runs 8-12.
Can you test the backend too?
iOS is my specialty, client-side specifically. If the backend work is entangled with iOS security posture (token minting, cert pinning rotation, webview origin handling), I'll cover that boundary. For deep server-side pentesting, I pair with partners or hand off.
How long does a typical audit take?
Small consumer app: 3-5 days. Medium app with SDKs in a regulated domain: 8-12 days. Large enterprise app with significant attack surface: 3-4 weeks. Send a detailed brief and I'll quote from it. If you'd rather talk first, a free 30-minute scoping call usually gets us to a number faster.
Can you do mobile app penetration testing and a code audit in one engagement?
Yes, both. The MASVS report covers static and dynamic aspects of the client. For mobile-side dynamic testing (Frida, mitmproxy, jailbreak chain), I test on real devices. The distinction between 'audit' and 'pentest' gets blurry at the iOS client boundary, and I cover both in the same engagement.
Are you an agency, or do we work with you directly?
Directly - you're hiring me, one senior iOS engineer who writes the code, rather than an agency that routes you through a project manager and a team you never meet. For a lot of my clients that's the whole point: one person who owns the work end to end.
How quickly can you start?
A quick call can happen within days. For project work I usually need 1-2 weeks to clear the calendar, though I keep some buffer for urgent firefighting.
Do you work with early-stage startups?
Yes, from pre-seed to Series C and beyond. For very early teams, a short advisory engagement often makes more sense than a full build: you get the architecture guidance without committing to a large piece of work before you've validated the product.
What's included when we work together?
Everything: code, architecture decisions, code review, documentation, async Slack availability during working hours. No surprise add-ons. I bill for time spent working on your project, not for "thinking about it in the shower."
We're in a different timezone. Will that slow things down?
I'm currently in Vancouver (PST), with full overlap for North American teams. For UK and Europe, I'm online by their afternoon. For Gulf or APAC, we'd agree on overlap hours and handle the rest async. I've worked with teams from San Francisco to Dubai.
Need an iOS security audit?
Tell me what you're working on. I reply within 48 hours.