Enabling Smart Savings with End-to-End App Security Assessment for MeSusu

How Seasia Infotech helped a goal-based savings app launch with zero open vulnerabilities and full GDPR readiness.

Protect Your App — Start Now

Project Overview

INDUSTRY

Fintech

PROJECT DURATION

6 Weeks

MeSusu makes disciplined saving simple. Users set a goal (school fees, emergencies, trips), deposit small amounts every day, and unlock bonuses on completion – all without needing a bank account thanks to mobile-money integration. With financial data and personal identifiers flowing through the app, security testing for mobile apps and regulatory compliance were mission-critical.

Project Overview

INDUSTRY

Fintech

PROJECT DURATION

6 Weeks

INDUSTRY

Fintech

PROJECT DURATION

6 Weeks

Key Challenges the Business Faced

MeSusu asked Seasia Infotech to run an accelerated, end-to-end security test cycle that would identify gaps, guide fast fixes, and prove compliance to investors and regulators.

Sensitive data everywhere

PII, transaction histories, KYC documents.

Multiple threat surfaces

Android, iOS, Node.js APIs and a MongoDB cluster.

Regulatory clock ticking

The team needed full GDPR compliance for mobile apps before launch.

Seasia Infotech’s Comprehensive Solution

Seasia Infotech developed a next-generation AI-powered video creation tool powered by Generative AI and Computer Vision. The automated video creation platform allows MetaBuild to generate professional-quality videos directly from text or image inputs.

Methodology

Threat Modeling & Scope Definition
Automated Recon & Static Analysis – MobSF, OWASP ZAP.
Manual Penetration Testing – Business-logic abuse, auth bypass, API fuzzing.
GDPR Assessment – Consent flows, data-deletion paths, logging & audit trails.
Secure-Code Workshops – Daily defect triage with MeSusu dev squad.
Regression Validation – Retest after fixes, final sign-off.

Key Areas Tested

Goal-Based Savings Workflow – Integrity of contribution tracking and payouts.
Reward Distribution – Anti-fraud controls around bonus unlocks.
Mobile-Money Integration – Token handling, callback validation.
Identity & Consent Management – Sign-up, KYC, ‘Right to be Forgotten’.
Referral & Incentive Programs – Abuse vectors and enumeration risks.

Our Technology Stack

Programming Languages

Kotlin (Android)

Swift (iOS)

Backend

Node.js

Express

MongoDB

Authorization

JWT tokens

Device Biometrics

Security Tooling

Burp Suite

MobSF

OWASP ZAP

Postman

GDPR checklist

Results Delivered

12 Vulnerabilities Closed
1 High, 3 Medium, 8 Low — all remediated pre-launch.
100% GDPR Compliance
Verified consent logs, data-export & deletion flows.
Hardened Mobile Apps
Biometric unlock, root detection, certificate pinning, improved crypto.
90% Fix Rate in 2 Sprints
Action-oriented reports and daily syncs cut turnaround time dramatically.
Zero Findings in Final Audit
MeSusu sailed through both internal and third-party mobile app security audits.

Why MeSusu Chose Seasia Infotech

Fintech Security DNA
20+ regulated financial products secured.
Sprint-Aligned Delivery
Findings delivered in daily, developer-friendly bite sizes.
Regulatory Know-How
GDPR, PCI DSS, SOC 2, ISO 27001 experts on call.
Transparent Collaboration
Shared Jira board, live Slack channel, and fix-validation videos.

Ready to Bulletproof Your Fintech App?

Seasia’s mobile app development security engineers can embed with your team, hunt for vulnerabilities, and shepherd fixes, fast. Let’s safeguard your next release.

Talk to our security testing specialists

What They Say

A unified, enterprise-grade suite of proprietary AI tools that accelerates software delivery, enhances system reliability, and significantly reduces time A unified, enterprise-grade suite of proprietary AI tools that accelerates software delivery, enhances system reliability, and significantly. Read More