How long does an app analysis take?

An app analysis is usually ready within 30-40 minutes, which is relatively fast, compared to a few days of work if the tests were processed manually.

The actual scan time depends on the complexity, the size and possible obfuscation of the app – it may vary from 5-10 minutes to 1-2 hours.

What kind of applications can be analyzed?

Any kind of Android or iOS application can be analyzed which is running on Android 4.x – 9.x or iOS 8.0 – 12.x, native apps (built with Android Studio or XCode), using native code (Java, Objective-C, Swift 3-4) or using frameworks (e.g. Kotlin).

How many users can I have on App-Ray?

You can add as many users as you need. Licenses are assigned to your organization, and users inside access all analysis results – but no one else.

Users can also have different roles: full access, read only and observer.

What if I don’t have the application itself, only a URL?

App-Ray is able to pull applications from HTTP/HTTPS/FTP URLs. If you don’t have the file itself, there are several ways available to fetch them from remote resources, app stores or devices. Let us know about your use case and we’ll provide you the best fitting solution.

Can I integrate App-Ray in the development process?

Yes, App-Ray integration is available. We provide integration for JIRA, Jenkins and we are working on additional integrations as well, based on our REST API. Contact us to see examples and find the best way for your use case.

What is risk score and how is it being calculated?

Risk scores are attributes of the applications and provide an easy way to compare scan results based on how risky the applications are. Based on a mathematic formula, a score number is being calculated, where 0 means the application is safe, and 100 means the application has several serious issues.

How are the issues being categorized?

The issues found in an app are categorized as low, medium and high severity issues, based on our experiences, customer feedbacks and the highest security standards of the industry, such as OWASP. An issue, for example an SQL injection vulnerability will definitely be a high severity issue, while another ones, like voice recording doesn’t necessarily mean problems – therefore they have lower severity.

Custom categorization is also possible in order to see whether the app is compliant with your corporate policies, whether it’s having any issues of the OWASP Mobile Top10 and so on.

How about the most recent issues?

Our extensive developer team is constantly working on keeping our software up-to-date. If there’s a new vulnerability explored, we always do our best to provide a way to detect it in a few days to make sure your apps meet the requirements of even the highest security standards.

How about integration, API?

All of these functionalities are available through REST API as well – the well-documented application interface can help you to integrate App-Ray with all sorts of software for development, mobile device management or other tools. Contact us and we will gladly help you with the details of the API access.


If you have any further questions, feel free to contact us via email: