Unified security analysis · Android + iOS

mSAS
Mobile Security Analysis Suite

Comprehensive static analysis for .apk and .ipa files. Real DEX & Mach-O parsing, manifest analysis, certificate inspection, entropy-aware secrets detection. All running in your browser.

Analyze APK Analyze IPA
100% client-side No upload, no telemetry Browser-based, no install SARIF / JSON / CSV / PDF export ADB WebUSB device auditing
APKDEX · AXML · Cert · Secrets
IPAMach-O · Plist · Entitlements · ATS
Rules230+ · OWASP · MASVS · CWE
ExportSARIF 2.1 · JSON · CSV · PDF
ADBWebUSB · Shell · Files · Security

Choose Your Platform

Pick the tool that matches your target platform — static analysis or live device auditing — and start in seconds.

~/tools/apk-auditor
📱

APK Auditor

Deep static analysis for Android applications. Scans DEX bytecode, AndroidManifest.xml, signing certificates, and identifies 150+ security patterns including cryptography flaws, insecure storage, and code execution risks.

150+ Rules DEX Bytecode Manifest Audit Certificate Check Native Libs Entropy Scanner MASVS Mapping OWASP Coverage SARIF Export
Launch APK Auditor
~/tools/ipa-auditor
🍎

IPA Auditor

Deep static analysis for iOS applications. Inspects Mach-O binaries, Info.plist, provisioning profiles, entitlements, ATS configuration, and detects 80+ security issues across privacy, data storage, and network security domains.

80+ Rules Mach-O Binary Plist Analysis Provisioning Entitlements ATS Audit Privacy Checks Framework Scan SARIF Export
Launch IPA Auditor
~/tools/adb-auditor
🤖

ADB Auditor

Browser-based Android device security auditing over WebUSB. Connect live devices, browse filesystems with root support, run shell commands, analyze app storage and permissions, capture screenshots, and run OWASP MASTG-aligned security scans in real time.

WebUSB + ADB App Analysis File Browser Shell Access Root Mode Screenshot Security Audit Logcat Viewer SARIF Export
Launch ADB Auditor