There are, from memory, discussion groups about Android and iOS security.
Now there is a thing where a new researcher flamed about Facebook's app leaking personal information, but they had omitted the fact that that is the point and goal of that app.
I have been asked to come up with an approach for benchmarking in mobile app security.
Security researchers told me that it is wrong to compare SAST (Static app security testing) scanner reports of two different mobile applications. For example, they said that I cannot take the Facebook app and compare it with other apps, as the vulnerabilities reported by the SAST scanner can be handled at a different layer or by business processes. So it's not possible to benchmark using SAST scanner reports.
If this is the case, how would I go about benchmarking on the mobile app security front, as including pen testing as well, in addition to SAST scanner reports, will require too much manpower due to the manual effort involved?
Would be grateful if anyone could help on this.