Appearance
Security Reports
This section details how to retrieve detailed security analysis reports for applications analyzed through the Mobile Threat Intelligence platform.
Overview
Security reports provide comprehensive analysis of applications including:
- Libraries & Dependencies - Third-party libraries and frameworks used
- Trackers - Analytics and tracking libraries embedded
- Data Access - Sensitive data accessed by the application
- Data Leaks - Potential exfiltration of sensitive information
- Permissions - Requested system permissions
- Components - Application components (activities, services, receivers)
- Vulnerabilities - Security risks and misconfigurations
- Features - Suspicious behaviors detected
- Communications - Network endpoints contacted
- Filesystem Operations - File system access patterns
WARNING
Code location information will be removed from this report and would be accessible once the commercial offer of "Detailed catalog audit" will be raised. Do not rely on "matches" and "flow" properties
Retrieve Application Report
API Endpoint
bash
GET /v2/applications-catalog/application-reportRequest
With version :
bash
curl "https://api.pradeo-security.com/v2/applications-catalog/application-report?package=my.package&system=Android&version=x.y.z" \
-H 'accept: application/json' \
-H "x-access-key: YOUR_ACCESS_KEY" \
-H "x-secret-key: YOUR_SECRET_KEY"Without version (match the latest available report) :
bash
curl "https://api.pradeo-security.com/v2/applications-catalog/application-report?package=my.package&system=iOS" \
-H 'accept: application/json' \
-H "x-access-key: YOUR_ACCESS_KEY" \
-H "x-secret-key: YOUR_SECRET_KEY"On iOS, package is the bundleId.
Handling Analysis Errors
If no report is available, this endpoint will return a 404, please in this case submit the application using Application Submission.
This method try to get the nearest report based on package/system/version provided, you can check the HTTP header :
X-PERFECT-MATCH: true if we find the exact versionX-PENDING-ANALYSIS: true if more report content will arrive
Response Format
The report contains the following sections:
json
{
"libraries": [...],
"trackers": [...],
"frameworks": [...],
"accesses": [...],
"leaks": [...],
"permissions": [...],
"components": [...],
"vulnerabilities": [...],
"features": [...],
"communications": [...],
"filesystem": {...},
"database": [...],
"commands": [...],
"metadata": {...},
"errorCode": "NoError",
"errorMessage": ""
}Report Sections
Libraries
List of detected libraries and dependencies:
json
{
"libraries": [
{
"name": "Google Drive",
"package": "Lcom/google/android/gms/"
},
{
"name": "Google Firebase",
"package": "Lcom/google/firebase/"
}
]
}Trackers
Analytics and tracking services:
json
{
"trackers": [
{
"name": "Google Analytics",
"website": "https://analytics.google.com",
"category": ["Analytics"],
"documentation": []
}
]
}Data Access
Sensitive data accessed by the application:
json
{
"accesses": [
{
"type": "Device",
"matches": [...]
},
{
"type": "Location",
"matches": [...]
},
{
"type": "Contacts",
"matches": [...]
}
]
}Data Leaks
Potential exfiltration of sensitive information:
json
{
"leaks": [
{
"data": {
"type": "Device",
"matches": []
},
"sink": {
"type": "Communication",
},
"flow": {...}
}
]
}Permissions
System permissions requested by the application:
json
{
"permissions": [
{
"permission": {
"name": "android.permission.ACCESS_FINE_LOCATION",
"system": "Android"
},
"manifest": true,
"runtime": {...}
}
]
}Components
Application components (activities, services, receivers, providers):
json
{
"components": [
{
"name": "com.example.MainActivity",
"kind": "Activity",
"exported": true,
"intentFilter": ["android.intent.action.MAIN"]
}
]
}Vulnerabilities
Security risks and misconfigurations:
json
{
"vulnerabilities": [
{
"type": "Potential Hard-Coded Secret",
"vulnerabilities": [
{
"vulnerability": {
"name": "Potential Hard-Coded Secret",
"impact": "MEDIUM"
},
"location": {...},
"vulnerableValue": "secret-key-123"
}
]
}
]
}Vulnerability Types:
- Hard-coded secrets
- Weak cryptography
- Exported components
- SQL injection risks
- Insecure storage
- Weak random generators
Features
Suspicious behaviors detected:
json
{
"features": [
{
"name": "Reflection",
"matches": [...]
},
{
"name": "DynamicCodeLoading",
"matches": [...]
}
]
}Feature Types:
- Reflection usage
- Dynamic code loading
- Native code execution
- Obfuscation
- Root/jailbreak detection
Communications
Network endpoints contacted by the application:
json
{
"communications": [
{
"method": "GET",
"scheme": "https",
"host": "api.example.com",
"port": "443",
"path": "/v1/users",
"query": {}
}
]
}Filesystem Operations
File system access patterns:
json
{
"filesystem": {
"read": [...],
"write": [...],
"delete": [...],
"create": [...]
}
}Metadata
Application metadata:
json
{
"metadata": {
"name": "Example App",
"packageName": "com.example.app",
"version": "1.0.0",
"versionCode": 1,
"sha1": "hash...",
"sha256": "hash...",
"md5": "hash..."
}
}Best Practices
- Cache Results - Store reports locally to minimize API calls
- Version Tracking - Compare reports across versions to track improvements
- Risk Assessment - Use vulnerabilities and permissions for risk scoring
- Regular Updates - Check for updated reports periodically
- Automated Processing - Parse JSON reports programmatically
- Performance - Use specific endpoints for needed sections
Next Steps
- Application Submission - Submit applications for analysis
- Overview - Back to MTI integration overview
- API Reference - Full API documentation
