I have two production-level mobile apps—one on iOS, one on Android—and I want a clear, trustworthy picture of how secure they really are. Your job is to run a full penetration test focused on identifying vulnerabilities only; I’m not looking for remediation work at this stage, just an honest, detailed map of every weakness you can uncover. You may use any standard mobile-testing toolkit you prefer (Burp Suite, OWASP MSTG methods, MobSF, Frida, dynamic and static analysis, etc.) as long as your approach is non-destructive and respects user data. The apps rely on typical RESTful APIs with token-based authentication, but I’ll provide test accounts, source APK/IPA files, and backend endpoints as needed. What I expect as the final deliverable: • A consolidated report covering both iOS and Android versions • Each finding ranked by severity, with clear reproduction steps and supporting screenshots or logs • Practical, high-level remediation recommendations for my development team Please estimate how long you need for a full assessment of both builds and include any similar mobile engagements you’ve done. I’m ready to start as soon as you sign an NDA.