App-Ray logo

An X-Ray for apps

App-Ray is a fully automatic security analysis suite for Android apps. It identifies vulnerabilities, privacy violations, and insecure code patterns in any Android application. It thereby helps to understand the security implications of apps before deployment and helps to enforce regulatory compliance.

Applications Areas

  • Mobile Application Management
    • Take informed decisions when approving apps
    • Know the overall threat level every single app
    • Ensure apps' compliance with mobile security regulations before roll-out
  • Development and Test
    • Find data leaks and vulnerabilities before your customers do
    • Increase confidence by reporting security standard of your apps to customers
    • Discover insecure coding practices
    • Complement functional and regression testing with in-depth security inspection
    • Integration into continuous integration process
  • Pentesting
    • Find SQL injections
    • Unintentionally exported components
    • Information leaks
    • Static passwords, keys, and access tokens
    • Weak cryptography and broken TLS
    • Check for known vulnerabilites
    • Function call tracing
    • Inspection of network traffic, plaintext recovery from TLS


  • Discover security flaws
    • Exploits and malicious code
    • Remote code execution via 3rd-party libraries
    • Incorrect usage of encryption and TLS
    • Secret keys left in source code
    • SQL injections
    • Intent spoofing
  • Learn about data usage and leaks of an app
    • Data sources and sinks
    • Information leaks and loss of data
  • See if security best practices are applied
    • Encrypted communication and data storage
    • Protection against tapjacking
    • Improperly exported components
  • Be aware of user tracking and advertising capabilities
    • Libraries which track your location and behavior
    • Crash reporters revealing your private data
    • Aggressive advertisements
  • Get detailed information for your manual security evaluation
    • Code structure: Classes, Methods, Call graphs
    • Permissions, Interfaces, Components
    • Files and network traffic from runtime analysis
  • Receive clear customized reports
    • Evaluation according to your security requirements
    • Clear overview report, detailed inspection results
  • and much more

How it works

App-Ray combines bleeding-edge analysis static and dynamic analysis techniques developed by Fraunhofer AISEC research. It operates on Android bytecode and does not require the source code of an application. Users can choose whether they want to manually interact with the application in the test environment or whether the analysis should run fully automatically an unassisted.

Meta Data Analysis

In a first preparatory step, an app's meta data is assessed, revealing information about the application's permissions, components, and structure. Information gathered in this step sets the scope for the following static analysis.

Static Analysis

Static analysis investigates the bytecode and structure of an application withouth executing it. App-Ray features a highly efficient bidirectional data flow tracing, revealing unwanted data flows which can impose violations of security and privacy requirements. Threats to data integrity and secrecy such as SQL injections or unprotected Intents will be identified in this step.

Plain Dynamic Analysis

During plain dynamic analysis, the original app is executed in a test environment and its behavior is analyzed. Screenshots are taken, network traffic is recorded, and a full trace of syscalls and accessed files is created. Private information sent out to advertisement and user profiling platforms is identified. Users can choose whether they wish to interact with the app or whether the analysis runs fully automatically.


Instrumentation makes slight modification to the app in order to extract specific information from it in a hybrid static/dynamic analysis. Guided by potential findings from the static analysis step, specific versions of the app are crafted which automatically jump to relevant parts and provide meaningful information when executed.

Hybrid Analysis

Guided by knowledge gained from static analysis and modifications injected by instrumentation, App-Ray's hybrid analysis engine investigates the app's runtime behavior under specific security-relevant conditions and ensures that critical parts of the app are executed and observed. Tracing of individual function calls and register values allow deep insights into the app's behavior. The hybrid engine attempts to provoke execution of vulnerable code fragments and records encrypted traffic in plaintext, allowing inspection for private information.


App-Ray presents its most relevant findings in a clearly structured overview. A drill-down into detailed analysis results and raw data of the analysis is possible. All analysis results are stored in App-Ray and can be retrieved at a later time. In addition, a signed report document can be downloaded.

See it in Action


App-Ray comes in two flavors: Hosted and On Site


  • Scan your own Apps
  • Overview of Threats
  • Detailed Findings
  • Cloud Based Service

More Info

On Site

  • Scan your own Apps
  • Overview of Threats
  • Access to Raw Data
  • Customized Tests
  • On Site Installation

More Info
The Hosted license is intended for security professionals and pentesters.
App-Ray saves hours of repetitive work and provides detailed analysis data.

Get started immediately and focus on your strengths, instead of routine tasks.

  • Define your own security requirements and check apps against them
  • Get access to all detailed analysis results
  • Use App-Ray with the hassle-free web interface
  • Updates and bug fixes will be applied regularly
For Corporate customers, we provide full control over App-Ray with our on site installation.

Integrate App-Ray into your IT infrastructure or Mobile Device Management (MDM) solution and set up a Trusted AppStore.

  • Tests can tailored to your individual security criteria
  • Access raw results for programmatic evaluation and integration into your development chain
  • Integration into your existing IT infrastructure
  • Updates and bug fixes on a regular basis

If you are interested in a free demo, please do not hesitate to contact us:

Access the demo

An online demo of App-Ray is available for a closed user group. If you have retrieved a demo account, click here to get started.

About Us

Julian Schütte

Julian graduated from Technical University of Darmstadt in 2007 with a Diploma (equiv. MS) in Computer Science and a focus on IT security. In 2013, he received his doctorate from Technical University of Munich based on his studies on security policy frameworks for distributed and dynamic service architectures.
Since 2007 he is working for Fraunhofer where he is conducting research on secure mobile systems. Since 2013, he is co-leading a research group for service & application security. Besides his research activities, Julian pursues the development of tools which allow people to use complex technology in a secure and easy way.

www Xing LinkedIn

Dennis Titze

Dennis graduated from Technical University of Munich in 2012 with a Master of Science in Computer Science and a focus on IT security.
Since 2012 he is working for Fraunhofer AISEC where he is doing his PhD in the context of information flow analysis.
Besides his PhD studies he is conducting research on secure mobile systems and on automated application analysis.