
mobile-security-mcp

by Serhatcck

Server Configuration

Describes the environment variables required to run the server.

Name | Required | Description | Default

No arguments

Capabilities

Features and capabilities supported by this server

Capability | Details
tools | { "listChanged": true }

Tools

Functions exposed to the LLM to take actions

Name | Description
android_api_extractor

Decompiles an APK and extracts Retrofit HTTP annotations and OkHttp3 endpoints from smali bytecode. Outputs a list of API endpoints or a Postman collection.

apk_manifest_analyzer

Parses AndroidManifest.xml from an APK. Extracts package info, activities, services, receivers, intent filters, and highlights security-relevant flags like exported components, debuggable, and allowBackup.

apk_permissions_checker

Extracts and categorizes permissions requested by an APK. Dangerous permissions (those that grant access to sensitive user data or device features) are highlighted separately.

android_google_services

Extracts Google and Firebase configuration from an APK. Parses google-services.json if present, then scans resources.arsc for string values using the strings command. If a smali_folder (apktool output) is provided, parses res/values/strings.xml directly for structured key=value output.

android_secrets_scanner

Scans an APK for hardcoded secrets and API keys. Without smali_folder: runs strings on classes*.dex and resources.arsc, plus scans text assets inside the APK. With smali_folder (apktool output): scans res/values/strings.xml and assets as plain text files.

ios_manifest_analyzer

Parses Info.plist from an IPA file. Extracts bundle ID, version, URL schemes, App Transport Security settings, background modes, and highlights insecure configurations.

ios_permissions_checker

Extracts privacy permission usage descriptions from an IPA's Info.plist. Each permission is categorized by risk level (HIGH / MEDIUM / LOW) with an explanation.

ios_entitlements_checker

Extracts and analyzes entitlements embedded in the iOS app binary using codesign. Detects dangerous entitlements like get-task-allow (debug builds), iCloud containers, and keychain groups.

ios_binary_strings

Extracts printable strings from an iOS app binary and filters for security-relevant patterns: HTTP/S URLs, API keys, AWS/Firebase/Google credentials, email addresses, and private IP addresses.

ios_frameworks_detector

Lists all third-party frameworks bundled inside an IPA (from the Frameworks/ directory). Maps known frameworks to categories: networking, analytics, ads, attribution, crash reporting, etc. Highlights privacy-relevant SDKs.

ios_google_services

Extracts Google and Firebase configuration from an IPA. Parses GoogleService-Info.plist for API key, project ID, database URL, storage bucket, GCM sender ID, and OAuth client IDs. Also applies Google pattern scanning across all text plist and JSON files in the IPA.

ios_secrets_scanner

Scans an IPA for hardcoded secrets and API keys. Layer 1: scans text resource files (JSON, XML, .strings, XML plists) inside the IPA. Layer 2: extracts the app binary and runs the strings command to find constants in compiled code.

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Serhatcck/mobile-security-mcp'
