My Android and iOS applications are ready for a full-scale security check and I’m looking for a Certified Ethical Hacker who specialises in mobile VAPT to carry it out. Although I’d like the usual end-to-end coverage, the real priority is deep, dynamic analysis: I want to see how the apps behave in real time under hostile conditions, with a special eye on insecure communication channels. Here’s what I expect you to tackle: • Probe every network interaction for weaknesses—SSL/TLS mis-configurations, certificate-pinning bypasses, API endpoint tampering, man-in-the-middle scenarios and any other gaps that could leak data in transit. • Examine runtime behaviour for issues such as improper authentication, code injection, or logic flaws that only surface once the app is running. • Where dynamic findings point to a likely code-level problem, dip into the static side to confirm root causes so your remediation advice is concrete. Deliverables I need from you: 1. A comprehensive report outlining each vulnerability (risk rating, reproduction steps, screenshots / poc scripts). 2. Clear remediation guidance that my dev team can act on quickly. 3. A short debrief call or recorded walkthrough so everyone understands the findings. Tooling is up to you—Burp Suite with a mobile extension, OWASP ZAP, Frida, custom scripts, whatever achieves reliable, repeatable results. Just let me know what you plan to use before kicking off so we can align environments. Tell me about similar mobile tests you’ve led, any CVEs you’ve filed, and the turnaround time you can commit to. Once agreed, I’ll provide the APK, IPA and test credentials so you can begin right away.