Scanning an Android mobile app

Upload the APK file. It must be signed.

About this task

Support: Android versions up to 8.0 are supported.
Limitations:
  • If the APK file requires a specific mobile device (vendor), scanning might not be possible.
  • Apps with a root check are not supported.
  • Apps that require MDM (mobile device management) software to be installed on the mobile device are not supported.
  • Xamarin apps are not supported.
Tip: Before you upload your APK file, make sure it can be installed on a mobile device.
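
A pre-upload check that covers the three requirements above (the APK is signed, it installs on a device, and it can run on the scanner's Android 8.0 devices, i.e. API level 26 or lower) can be scripted. This is an added example, not part of the original page or of the ASoC product; it assumes the Android SDK build-tools `apksigner` and `aapt` are on PATH when run against a real file, and the badging text below is a constructed sample, not output from a real APK.

```bash
#!/usr/bin/env bash
# Pre-upload checks for an APK before submitting it to an ASoC Android scan.
# Assumes `apksigner` and `aapt` (Android SDK build-tools) are on PATH when a
# real APK path is given; the parsing helpers work on captured text so they
# can be exercised without the tools.
set -u

# Highest Android version the scanner supports is 8.0, which is API level 26.
MAX_SUPPORTED_API=26

# Constructed sample of `aapt dump badging` output (not from a real APK).
SAMPLE_BADGING="package: name='com.example.demo' versionCode='7' versionName='1.2'
sdkVersion:'21'
targetSdkVersion:'28'
uses-permission: name='android.permission.INTERNET'"

# Extract minSdkVersion (the "sdkVersion:'NN'" line) from badging text on stdin.
min_sdk_from_badging() {
  sed -n "s/^sdkVersion:'\([0-9]*\)'.*/\1/p" | head -n 1
}

# Succeeds if the given minSdkVersion can run on the scanner's Android 8.0 devices.
min_sdk_supported() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac   # empty or non-numeric: reject
  [ "$1" -le "$MAX_SUPPORTED_API" ]
}

# apksigner exits 0 only when the APK carries a valid signature.
check_signature() {
  apksigner verify --print-certs "$1"
}

# Full pre-flight run against a real APK path.
preflight() {
  apk="$1"
  [ -f "$apk" ] || { echo "no such file: $apk" >&2; return 1; }
  if ! check_signature "$apk" >/dev/null 2>&1; then
    echo "FAIL: APK is unsigned or its signature does not verify" >&2; return 1
  fi
  min_sdk=$(aapt dump badging "$apk" 2>/dev/null | min_sdk_from_badging)
  if ! min_sdk_supported "$min_sdk"; then
    echo "FAIL: minSdkVersion '$min_sdk' exceeds API $MAX_SUPPORTED_API (Android 8.0)" >&2; return 1
  fi
  echo "OK: signed, minSdkVersion $min_sdk is within the supported range"
}

# Only run the real checks when an APK path is supplied on the command line.
if [ $# -ge 1 ]; then preflight "$1"; fi
```

Run it as `./preflight.sh app.apk`; a non-zero exit means the upload would be rejected or the scan could not install the app.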

Procedure

To scan your mobile app:

  1. If your app connects to a back-end server that is not available on the Internet ("private app") and an AppScan Presence does not yet exist on that server: Create an ASoC Presence.
  2. If you have not yet done so: Create an application for your scans.
  3. In the Application, click Create Scan.
  4. In the What type of app? screen:
    • Public app: Click Mobile > Android > Public.
    • Private app: Click Mobile > Android > Private, then select the correct AppScan Presence from the list.
      Note: If an AppScan Presence has not yet been created, you can create it now by clicking Create Presence, and following the instructions here.
  5. In the Select your APK file screen: Drag and drop the APK file, or browse to it and click Open.
  6. In the Name your scan screen:
    1. You can optionally change the scan name (the default scan name is the file name).
    2. If your app requires users to log in, select Yes and enter a valid user name and password so that ASoC is able to log in to the app to test it.
      Tip: Use test credentials rather than the credentials of an actual user.
    3. If your app requires a third credential, click Does the app require a third credential?, and enter a valid value, for example:
      PIN# = 1234
    4. Personal Scan: If you do not want the issues found in this scan to be aggregated with the rest of the issues found in this application, select the Run as a Personal Scan check box. For details see Personal scans.
    5. You can optionally select/clear the Send me an email when the scan is complete check box (selected by default).
    6. Click Scan.

Results

The new scan is added to the Scans view with its starting time, and a progress bar indicates that the scan is running. When the scan is complete the progress bar closes, the results are summarized in a graph, and (if selected) you receive an email notification. See Working with Scan Results.
Note: Free plan scans are limited to four hours in length, so large or complex apps may not be completely covered by them.