Appearance
Security Reports
This section details how to retrieve detailed security analysis reports for applications analyzed through the Mobile Threat Intelligence platform.
Overview
Security reports provide comprehensive analysis of applications including:
- Libraries & Dependencies - Third-party libraries and frameworks used
- Trackers - Analytics and tracking libraries embedded
- Data Access - Sensitive data accessed by the application
- Data Modifications - Changes made to user data
- Data Leaks - Potential exfiltration of sensitive information
- Permissions - Requested system permissions
- Components - Application components (activities, services, receivers)
- Vulnerabilities - Security risks and misconfigurations
- Features - Suspicious behaviors detected
- Communications - Network endpoints contacted
- Filesystem Operations - File system access patterns
Retrieve Application Report
API Endpoint
bash
GET /v2/applications-catalog/analyses/{application_id}/reportRequest
bash
curl "https://api.pradeo-security.com/v2/applications-catalog/analyses/<application-id>/report" \
-H 'accept: application/json' \
-H "x-access-key: YOUR_ACCESS_KEY" \
-H "x-secret-key: YOUR_SECRET_KEY"Handling Analysis Errors
While using /v2/applications-catalog/applications, you can manage state by getting these properties :
hasAvailableReport: hint if a report is availableavailableReport: indicate the higher analysis done (manifest < overview < deep)
Endpoint /v2/applications-catalog/analyses/{id}/report return an error property error property on 404 with one of these values :
NO_BINARY_AVAILABLE: This application has no binary, so no analysis will be start until uploadANALYSIS_FAILED: All analysis for this application is on failed statusUNDER_ANALYSIS: No report available for now but in analysis, come back laterAPPLICATION_NOT_KNOWN: id you provide is not an application id
Response Format
The report contains the following sections:
json
{
"libraries": [...],
"trackers": [...],
"frameworks": [...],
"accesses": [...],
"dataModifications": [...],
"leaks": [...],
"permissions": [...],
"components": [...],
"vulnerabilities": [...],
"features": [...],
"communications": [...],
"filesystem": {...},
"database": [...],
"commands": [...],
"metadata": {...},
"errorCode": "NoError",
"errorMessage": ""
}Report Sections
Libraries
List of detected libraries and dependencies:
json
{
"libraries": [
{
"name": "Google Drive",
"package": "Lcom/google/android/gms/"
},
{
"name": "Google Firebase",
"package": "Lcom/google/firebase/"
}
]
}Trackers
Analytics and tracking services:
json
{
"trackers": [
{
"name": "Google Analytics",
"website": "https://analytics.google.com",
"category": ["Analytics"],
"documentation": []
}
]
}Data Access
Sensitive data accessed by the application:
json
{
"accesses": [
{
"type": "Device",
"matches": [...]
},
{
"type": "Location",
"matches": [...]
},
{
"type": "Contacts",
"matches": [...]
}
]
}Data Modifications
Changes made to user data:
json
{
"dataModifications": [
{
"type": "Account",
"matches": [...]
},
{
"type": "Contacts",
"matches": [...]
}
]
}Data Leaks
Potential exfiltration of sensitive information:
json
{
"leaks": [
{
"data": {
"type": "Device",
"matches": []
},
"sink": {
"type": "Network",
"category": "HTTP",
"name": "POST"
},
"flow": {...}
}
]
}Permissions
System permissions requested by the application:
json
{
"permissions": [
{
"permission": {
"name": "android.permission.ACCESS_FINE_LOCATION",
"system": "Android"
},
"manifest": true,
"runtime": {...}
}
]
}Components
Application components (activities, services, receivers, providers):
json
{
"components": [
{
"name": "com.example.MainActivity",
"kind": "Activity",
"exported": true,
"intentFilter": ["android.intent.action.MAIN"]
}
]
}Vulnerabilities
Security risks and misconfigurations:
json
{
"vulnerabilities": [
{
"type": "Potential Hard-Coded Secret",
"vulnerabilities": [
{
"vulnerability": {
"name": "Potential Hard-Coded Secret",
"impact": "MEDIUM"
},
"location": {...},
"vulnerableValue": "secret-key-123"
}
]
}
]
}Vulnerability Types:
- Hard-coded secrets
- Weak cryptography
- Exported components
- SQL injection risks
- Insecure storage
- Weak random generators
Features
Suspicious behaviors detected:
json
{
"features": [
{
"name": "Reflection",
"matches": [...]
},
{
"name": "DynamicCodeLoading",
"matches": [...]
}
]
}Feature Types:
- Reflection usage
- Dynamic code loading
- Native code execution
- Obfuscation
- Root/jailbreak detection
Communications
Network endpoints contacted by the application:
json
{
"communications": [
{
"method": "GET",
"scheme": "https",
"host": "api.example.com",
"port": "443",
"path": "/v1/users",
"query": {}
}
]
}Filesystem Operations
File system access patterns:
json
{
"filesystem": {
"read": [...],
"write": [...],
"delete": [...],
"create": [...]
}
}Metadata
Application metadata:
json
{
"metadata": {
"name": "Example App",
"packageName": "com.example.app",
"version": "1.0.0",
"versionCode": 1,
"sha1": "hash...",
"sha256": "hash...",
"md5": "hash..."
}
}Best Practices
- Cache Results - Store reports locally to minimize API calls
- Version Tracking - Compare reports across versions to track improvements
- Risk Assessment - Use vulnerabilities and permissions for risk scoring
- Regular Updates - Check for updated reports periodically
- Automated Processing - Parse JSON reports programmatically
- Performance - Use specific endpoints for needed sections
Report Example
See the MTI Application Documentation for a complete real-world example of a full security report.
Next Steps
- Application Submission - Submit applications for analysis
- Overview - Back to MTI integration overview
- API Reference - Full API documentation