Apriorit Case Study
An online ticket purchase services provider operates mobile apps that let customers browse events, buy tickets, and view purchases. The client engaged Apriorit to perform black-box security testing of a new Android app version to ensure that account access data was protected both in transit and at rest, after it was found that the app relied on cloud-stored financial data and needed focused analysis of authentication and transport security.
Apriorit performed installation and traffic analysis and discovered several vulnerabilities: credentials and access tokens sent in plaintext, an unencrypted local SQLite cache, and incomplete root/startup checks. Apriorit delivered a report plus a prototype for runtime access-key generation (credentials hash + salt, device ID, and timestamp) and AES message-body encryption. The client implemented Apriorit’s recommendations (SSL pinning, encrypted message bodies, no local credential storage, database encryption), and the updated app passed a second-round check, significantly reducing MITM and local-exposure risks. Apriorit’s engagement totaled 60 man-hours for testing and 40 man-hours to build the prototype.