Enabling Smart Savings with End-to-End App Security Assessment for MeSusu
How Seasia Infotech helped a goal-based savings app launch with zero open vulnerabilities and full GDPR readiness.
Project Overview
MeSusu makes disciplined saving simple. Users set a goal (school fees, emergencies, trips), deposit small amounts every day, and unlock bonuses on completion – all without needing a bank account thanks to mobile-money integration. With financial data and personal identifiers flowing through the app, security testing for mobile apps and regulatory compliance were mission-critical.
Project Overview
MeSusu makes disciplined saving simple. Users set a goal (school fees, emergencies, trips), deposit small amounts every day, and unlock bonuses on completion – all without needing a bank account thanks to mobile-money integration. With financial data and personal identifiers flowing through the app, security testing for mobile apps and regulatory compliance were mission-critical.
Key Challenges the Business Faced
MeSusu asked Seasia Infotech to run an accelerated, end-to-end security test cycle that would identify gaps, guide fast fixes, and prove compliance to investors and regulators.
Sensitive data everywhere
- PII, transaction histories, KYC documents.
Multiple threat surfaces
- Android, iOS, Node.js APIs and a MongoDB cluster.
Regulatory clock ticking
- The team needed full GDPR compliance for mobile apps before launch.
Seasia Infotech’s Comprehensive Solution
Seasia Infotech developed a next-generation AI-powered video creation tool powered by Generative AI and Computer Vision. The automated video creation platform allows MetaBuild to generate professional-quality videos directly from text or image inputs.
Methodology
- Threat Modeling & Scope Definition
- Automated Recon & Static Analysis – MobSF, OWASP ZAP.
- Manual Penetration Testing – Business-logic abuse, auth bypass, API fuzzing.
- GDPR Assessment – Consent flows, data-deletion paths, logging & audit trails.
- Secure-Code Workshops – Daily defect triage with MeSusu dev squad.
- Regression Validation – Retest after fixes, final sign-off.
Key Areas Tested
- Goal-Based Savings Workflow – Integrity of contribution tracking and payouts.
- Reward Distribution – Anti-fraud controls around bonus unlocks.
- Mobile-Money Integration – Token handling, callback validation.
- Identity & Consent Management – Sign-up, KYC, ‘Right to be Forgotten’.
- Referral & Incentive Programs – Abuse vectors and enumeration risks.
Our Technology Stack
Programming Languages
Kotlin (Android)
Swift (iOS)Backend
MongoDBAuthorization
JWT tokens
Device BiometricsSecurity Tooling
Burp Suite
MobSF
OWASP ZAP
Postman
GDPR checklistProgramming Languages
Kotlin (Android)Swift (iOS)Backend
MongoDBAuthorization
JWT tokensDevice BiometricsSecurity Tooling
Burp SuiteMobSFOWASP ZAPPostmanGDPR checklistResults Delivered
12 Vulnerabilities Closed
1 High, 3 Medium, 8 Low — all remediated pre-launch.
100% GDPR Compliance
Verified consent logs, data-export & deletion flows.
Hardened Mobile Apps
Biometric unlock, root detection, certificate pinning, improved crypto.
90% Fix Rate in 2 Sprints
Action-oriented reports and daily syncs cut turnaround time dramatically.
Zero Findings in Final Audit
MeSusu sailed through both internal and third-party mobile app security audits.
Why MeSusu Chose Seasia Infotech
Fintech Security DNA
20+ regulated financial products secured.
Sprint-Aligned Delivery
Findings delivered in daily, developer-friendly bite sizes.
Regulatory Know-How
GDPR, PCI DSS, SOC 2, ISO 27001 experts on call.
Transparent Collaboration
Shared Jira board, live Slack channel, and fix-validation videos.
Ready to Bulletproof Your Fintech App?
Seasia’s mobile app development security engineers can embed with your team, hunt for vulnerabilities, and shepherd fixes, fast. Let’s safeguard your next release.
What They Say
Working with Seasia Infotech has been an incredible experience from start to finish. What began as a vision for a centralized real estate marketplace...
Vish Walia
CEO at Realesta
