Mobile App Insights Endpoints

See the Introduction for an overview of the API and information relevant to all API operations.

List Insights

This endpoint provides a JSON object with a mobile_app_insights and a pagination_information key. The mobile_app_insights key contains a list of insights related to a Data Theorem customer's apps, while the pagination_information key provides cursor-based pagination details for the JSON object response.

In addition to the insights data, each JSON object contains a link to the insights on the customer-facing portal for the linked mobile app.

The JSON object response can be filtered based on the following query parameters:

  • cursor - retrieve a paginated list of mobile app insights using the specified cursor.
  • mobile_app_platform - filters the list of mobile app insights to apps within the specified platform.
  • mobile_app_release_type - filters the list of mobile app insights to apps within the specified release type.
  • mobile_app_bundle_id - filters the list of mobile app insights to apps with the given bundle id. This query parameter should be used in combination with the mobile_app_platform and mobile_app_bundle_id in order to filter down to a specific mobile app.

Additional app data can be retrieved with the include query parameter; multiple values can be passed in one request:

  • ios_entitlements - the response will include the mobile app’s entitlements.
  • ios_privacy_manifests - the response will include a list of each privacy manifest and any SDK data associated with it.

When ios_privacy_manifests is requested, each manifest entry can carry SDK links and will include:

  • file_name - path to the PrivacyInfo.xcprivacy file.
  • binary_file - path to the associated binary.
  • manifest_as_json - contents of PrivacyInfo.xcprivacy file as a JSON string.
  • has_sdk_info - whether there are SDKs related to this PrivacyInfo.xcprivacy file.
  • related_sdks - SDK id and sdk_in_mobile_app_id.

Sample Request

GET https://api.securetheorem.com/apis/mobile_security/results/v2/mobile_app_insights
GET https://api.securetheorem.com/apis/mobile_security/results/v2/mobile_app_insights?include=ios_entitlements
GET https://api.securetheorem.com/apis/mobile_security/results/v2/mobile_app_insights?include=ios_privacy_manifests
GET https://api.securetheorem.com/apis/mobile_security/results/v2/mobile_app_insights?include=ios_entitlements&include=ios_privacy_manifests

Sample Response

The following sample response shows insights for an Android app, as well as for an iOS app. Note that certain insights are specific to one platform or the other – such fields are prefixed with android_ or ios_.

{
  "mobile_app_insights": [
    {
      "mobile_app_id": "12345",
      "mobile_app_platform": "ANDROID",
      "mobile_app_release_type": "APP_STORE",
      "mobile_app_bundle_id": "com.foo.bar",

      // Android specific insights
      "android_target_sdk_version": "27",
      "android_minimum_sdk": "22",
      "android_version_name": "5.5.2",
      "android_version_code": "8858",
      "android_apk_signature_key_size": "4096 bit",
      "android_sha512_hash": "93a34b3242d908c3843434d74842a13...",
      "android_exposed_app_activities": [
        "com.foo.MainActivity",
        "com.bar.SplashActivity"
      ],
      "android_exposed_app_content_providers": [
        "com.foo.Provider"
      ],
      "android_exposed_app_services": [
        "com.foo.CheckRuntimePermissionActivity",
        "com.bar.WebViewActivity",
        "com.buzz.ConfigActivity"
      ],
      "android_exposed_app_broadcast_receivers": [
        "com.foo.UpdateReceiver",
        "com.bar.BroadcastReceiver",
        "com.buzz.BootReceiver"
      ],
      "android_native_components_loaded": [
        "com.foo.Bar"
      ],
      "android_permissions": [
        "android.permission.CAMERA",
        "android.permission.RECORD_AUDIO",
        "android.permission.WRITE_EXTERNAL_STORAGE"
      ],

      // Cross-platform insights
      "microphone_accessed_by": [
        "foo::Bar::async::foo_bar<unsigned long long, long long>::next"
      ],
      "camera_accessed_by": [
        "Foo.CameraInputController"
      ],
      "calendar_data_accessed_by": [
        "Foo::Calendar::Bar"
      ],
      "contacts_accessed_by": [
        "_foo_BARContactStore"
      ],
      "photo_library_accessed_by": [
        "GIFCreator.FooController"
      ],
      "reminders_accessed_by": [
        "FooBarReminder"
      ],
      "location_accessed_by": [
        "FooLocationSDK",
        "NavigationBar"
      ],
      "advertisement_identifier_accessed_by": [
        "FBAdUtility",
        "FBSDKAppEventsUtility"
      ],
      "open_server_ports": [
        "127.0.0.1:631"
      ],
      "content_of_the_app_container": [
        "FooBar"
      ],
      "hard_coded_secrets": [
        "FooSecretKey"
      ],
      "custom_fonts": [
        "arial.ttf",
        "Foo-Medium.ttf",
        "Bar-Bold.ttf"
      ],

      // Communication insights
      "communicates_with_first_party_origins": [
        "http://foo.bar",
        "https://foo.baz"
      ],
      "communicates_with_third_party_origins": [
        "https://api.crashlytics.com",
        "https://data.flurry.com",
        "https://graph.facebook.com"
      ],
      "communicates_with_countries": ["KE", "CN"],
      "communicates_with_ip_addresses": [
        "1.2.3.4",
        "5.6.7.8"
      ],
      "communicates_with_blacklisted_ip_addresses": [
        {
          "ip_address": "5.6.7.8",
          "category": "MALWARE",
          "reason": "MALWARE"
        }
      ],

      "portal_url": "https://securetheorem.com/app/12345/info",
      "links": [
        {
          "href": "mobile_apps/12345",
          "rel": "mobile_app",
          "type": "GET"
        },
        {
          "href": "mobile_app_insights?mobile_app_bundle_id=com.foo.bar&mobile_app_release_type=PRE_PROD&mobile_app_platform=ANDROID",
          "rel": "self",
          "type": "GET"
        }
      ]
    },
    {
      "mobile_app_id": "67890",
      "mobile_app_platform": "IOS",
      "mobile_app_release_type": "PRE_PROD",
      "mobile_app_bundle_id": "com.foo.bar",

      // iOS specific insights
      "ios_minimum_sdk": "8.0",
      "ios_base_sdk": "10.3",
      "ios_healthkit_accessed": true,
      "ios_supports_apple_watch": true,
      "ios_supports_face_id": true,
      "ios_supports_imessage": true,
      "ios_permissions": [
        "Photo Library (Write Only)",
        "Location (Always)",
        "FaceID"
      ],
      "ios_universal_links_domains": [
        "test.ly",
        "foob.ar"
      ],
      "ios_app_extensions": [
        "iMessage App",
        "Custom Keyboard",
        "Watch App"
      ],
      // Available with their include parameter
      "ios_entitlements": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n<plist version=\"1.0\">\n<dict>\n<key>application-identifier</key>\n<string>G2CH4R123V.com.example.app</string>\n<key>aps-environment</key>\n<string>production</string>\n<key>com.apple.developer.default-data-protection</key>\n<string>NSFileProtectionComplete</string>\n<key>com.apple.developer.team-identifier</key>\n<string>G2CH4R123V</string>\n</dict>\n</plist>",
      "ios_privacy_manifests": [
        {
          "file_name": "MyApp.app/PrivacyInfo.xcprivacy",
          "binary_file": "MyApp.app/MyApp",
          "manifest_as_json": "{\"NSPrivacyAccessedAPITypes\": [{\"NSPrivacyAccessedAPIType\": \"NSPrivacyAccessedAPI...",
          "has_sdk_info": false
        },
        {
          "file_name": "MyApp.app/Frameworks/MySDK.framework/PrivacyInfo.xcprivacy",
          "binary_file": "MyApp.app/Frameworks/MySDK.framework/MySDK",
          "manifest_as_json": "{\"NSPrivacyAccessedAPITypes\": [{\"NSPrivacyAccessedAPIType\": \"NSPrivacyAccessedAPI...",
          "has_sdk_info": true,
          "related_sdks": [
            {
              "id": "44d15a7a-e0b5-5a21-94b6-a61d5e427dc7",
              "sdk_in_mobile_app_id": "67890-005432"
            }
          ]
        }
      ],

      // Cross-platform insights
      "reminders_collected_by": [
        "FooBarReminder"
      ],
      "microphone_accessed_by": [
        "foo::Bar::async::foo_bar<unsigned long long, long long>::next"
      ],
      "camera_accessed_by": [
        "Foo.CameraInputController"
      ],
      "calendar_data_accessed_by": [
        "Foo::Calendar::Bar"
      ],
      "contacts_accessed_by": [
        "_foo_BARContactStore",
        "ContactsDataSource.FOO"
      ],
      "photo_library_accessed_by": [
        "GIFCreator.FooController"
      ],
      "location_accessed_by": [
        "FooLocationSDK",
        "FooLocationManager",
        "FooBatteryOptimizer"
      ],
      "advertisement_identifier_accessed_by": [
        "FBAdUtility",
        "FBSDKAppEventsUtility"
      ],
      "open_server_ports": [
        "127.0.0.1:631"
      ],
      "content_of_the_app_container": [
        "FooBar"
      ],
      "hard_coded_secrets": [
        "FooSecretKey"
      ],
      "custom_fonts": [
        "arial.ttf",
        "Foo-Medium.ttf",
        "Bar-Bold.ttf"
      ],

      "communicates_with_first_party_origins": [
        "http://foo.bar",
        "https://foo.baz"
      ],
      "communicates_with_third_party_origins": [
        "https://api.crashlytics.com",
        "https://data.flurry.com",
        "https://graph.facebook.com"
      ],
      "communicates_with_countries": ["RU"],
      "communicates_with_ip_addresses": [
        "1.2.3.4",
        "5.6.7.8"
      ],
      "communicates_with_blacklisted_ip_addresses": [
        {
          "ip_address": "5.6.7.8",
          "category": "HIJACKED_DOMAIN",
          "reason": "HIJACKED_DOMAIN"
        }
      ],

      "portal_url": "https://securetheorem.com/app/67890/info",
      "links": [
        {
          "href": "mobile_apps/67890",
          "rel": "mobile_app",
          "type": "GET"
        },
        {
          "href": "mobile_app_insights?mobile_app_bundle_id=com.foo.bar&mobile_app_release_type=PRE_PROD&mobile_app_platform=IOS",
          "rel": "self",
          "type": "GET"
        }
      ]
    }
  ],
  "pagination_information": {
    "total_count": "2"
  }
}
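
Added example (not Data Theorem's own code): building the request URL with repeated include parameters, then triaging one entry of mobile_app_insights, including the two fields that need a second decode (ios_entitlements is a plist XML string, manifest_as_json is a JSON string). The names build_url and triage, the flag policy, and the SAMPLE entry are assumptions constructed for illustration; authentication is covered in the Introduction and is not shown.

```python
import json
import plistlib
from urllib.parse import urlencode

BASE = "https://api.securetheorem.com/apis/mobile_security/results/v2/mobile_app_insights"

def build_url(includes=(), **filters):
    # doseq=True emits include=a&include=b, matching the sample requests.
    query = urlencode({**filters, "include": list(includes)}, doseq=True)
    return f"{BASE}?{query}" if query else BASE

def triage(insight):
    """Flag one mobile_app_insights entry for review (example policy, not the vendor's)."""
    flags = []
    if insight.get("hard_coded_secrets"):
        flags.append("hard_coded_secrets")
    for origin in insight.get("communicates_with_first_party_origins", []):
        if origin.startswith("http://"):
            flags.append("cleartext:" + origin)
    for hit in insight.get("communicates_with_blacklisted_ip_addresses", []):
        flags.append(f"blacklisted_ip:{hit['ip_address']}:{hit['category']}")
    if insight.get("ios_entitlements"):
        # The entitlements arrive as a plist XML document inside a JSON string.
        ent = plistlib.loads(insight["ios_entitlements"].encode())
        if ent.get("com.apple.developer.default-data-protection") != "NSFileProtectionComplete":
            flags.append("data_protection_not_complete")
    for manifest in insight.get("ios_privacy_manifests", []):
        # manifest_as_json is itself JSON text, so it needs a second decode.
        doc = json.loads(manifest["manifest_as_json"])
        for api in doc.get("NSPrivacyAccessedAPITypes", []):
            flags.append(f"api:{manifest['file_name']}:{api['NSPrivacyAccessedAPIType']}")
    return flags

# Constructed sample entry, shaped like the iOS object in the sample response.
SAMPLE = {
    "mobile_app_platform": "IOS",
    "hard_coded_secrets": ["FooSecretKey"],
    "communicates_with_first_party_origins": ["http://foo.bar", "https://foo.baz"],
    "communicates_with_blacklisted_ip_addresses": [
        {"ip_address": "5.6.7.8", "category": "HIJACKED_DOMAIN", "reason": "HIJACKED_DOMAIN"}],
    "ios_entitlements": '<?xml version="1.0" encoding="UTF-8"?>\n<plist version="1.0"><dict>'
        "<key>aps-environment</key><string>production</string></dict></plist>",
    "ios_privacy_manifests": [{
        "file_name": "MyApp.app/PrivacyInfo.xcprivacy",
        "manifest_as_json": json.dumps({"NSPrivacyAccessedAPITypes": [
            {"NSPrivacyAccessedAPIType": "NSPrivacyAccessedAPICategoryUserDefaults"}]}),
    }],
}
```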