Your mobile app does a lot of things

Don't let unknown vulnerabilities put user data at risk

Scan your app for free

AppCritique finds vulnerabilities, data leaks, and everything in between

Mobile apps are a necessary component of today’s communications. To operate effectively in the mobile environment, organizations are being called on to visualize, integrate, and leverage disparate information sources to dramatically extend their performance, efficiency, and reach. Users are eager to adopt these new tools anywhere, in the office and on the move. Mobile apps—whether built in-house or purchased from the outside—must be secure for both users and organizations.

Despite their ability to enhance productivity and business operation, mobile apps can introduce functional, performance, and security issues. Mobile malware is increasing at an alarming pace, and the methods by which insecure apps can affect other apps, mobile devices, and/or the underlying network infrastructure are becoming much more complex. An insecure app can lead to lost productivity, loss of data, legal liability, damage to brand credibility—and worse. In today’s world, mobile app vetting is an essential part of a holistic enterprise cybersecurity plan, and Booz Allen’s AppCritique capability can help you meet this need.

Dev-friendly mobile application security

Developing an app is hard. Ever-evolving platform APIs, cross-platform requirements, and timely delivery pressures make it harder. AppCritique can help relieve some of the pressures of shipping a great app by providing a second look at potential security threats that may exist. Our proprietary app analysis engine was developed by our mobile forensics and network security subject matter experts and provides extensive coverage of all things app security. We stay tuned in to the Android and iOS developer and cybersecurity communities, and update our checks on a weekly basis.


  • Data accessible to other apps
  • Components vulnerable to manipulation
  • Unauthenticated or unfiltered input


  • Local SQL injection
  • Unsafe native code
  • Dynamically loaded code


  • Data accessible in unencrypted backups
  • Publicly accessible sensitive info
  • Credentials outside secure store


  • Unique identifiers
  • Geolocation information
  • PII sent to third parties


  • Screenshots
  • Clipboard
  • URL & keyboard caches


  • Incorrect certificate validation
  • Unencrypted protocols
  • Weak endpoint encryption


  • Deprecated hash functions
  • Insecure random number generation
  • Hard-coded keys


  • Unobfuscated code
  • Hard-coded passwords
  • Unnecessary client-side data


  • App-specific zero-day exploits
  • Man-in-the-middle attack scenarios
  • …and more!

Assessment Options


  • Fully automated analysis
  • Any app that you or your company owns
  • Results in minutes to hours
  • Detailed PDF report based on findings
  • Dozens of checks including some of the latest detectable vulnerabilities or issues


Contact Us
  • Intensive dynamic analysis conducted by the experts.
  • Static and dynamic checks
  • Back-end analysis
  • Developer Q&A
  • Detailed PDF report which includes dynamic as well as network analysis

Are you interested in other services such as continuous scanning, or a specific industry requirement validation? Please contact us to arrange a customized AppCritique solution.

Helping address Government standards

AppCritique helps you connect mobile applications to the security requirements important to your mission. Our reports map security checks to requirements such as the National Information Assurance Partnership (NIAP) protection profile for application software. Need to map security checks to a different standard? Let us know.

Connecting apps to community guidelines

All AppCritique security checks reference the OWASP Mobile Top 10 threat categories. These 10 categories represent a community consensus on the most critical security risk categories for mobile applications. The AppCritique team closely follows the OWASP mobile security project as a resource that guides all stages of mobile application security efforts.

Contact AppCritique

For questions, feedback or sales inquiries, contact us at: