About App Analysis Status

Appthority MTP analyzes an app binary to identify any risks it may contain.

App Analysis Overview
Causes of Collection Failure
Causes of Analysis Failure

App Analysis Overview

An app binary is obtained, which is referred to as "collected", in one of four ways:

As apps are added to managed devices, Appthority MTP identifies the app, and if it does not already exist in the MTP Cloud app catalog, collects it from its app store.
In the Apps tab Add (+)menu, you can:
- Provide a URL to the app.
- Submit a CSV file with identifying information about the app.
- Upload an app binary file.
  See Submit Apps for Analysis.

The Apps tab lists all apps in the Org and shows the Analysis Status as completed, in process, or failed. Detailed results are published in an App Report.

An analysis failure can be either due to an inability to collect the app, or to a characteristic of the app itself.

Causes of Collection Failure

In some cases an app cannot be collected. Here are some possible reasons:

Appthority MTP collects apps from only supported stores. For example, certain country stores such as Croatia, sanctioned third-party stores such as Amazon for Android, and unsanctioned stores such as adult, gambling, and gaming sites are not supported. For a list of supported international app stores by country see System Requirements.
Appthority MTP cannot collect paid apps from international stores. Only free apps can be collected.
Appthority MTP does not collect paid apps costing over $60.
An app may not be collected if it is "stale", meaning an app version is specified that is not the current version in the store. Normally, only the current version is available from app stores. This is not shown in the product, and it is not a security concern, other than it is best practice for users to stay current so as to have the latest security patches.
An app may not be collected if it is "dead", meaning that the app was once on an official app store but it is no longer available. That could signify that an app fails to meet the app store’s policies regarding security. Therefore, dead apps should be considered a security concern, and are listed in MTP Manager.
An app may not be collected if it is a private app from a CSV import or an EMM sync. A private app can only be submitted for analysis in the Apps tab Add (+) > Add Apps from Binary file menu.
An app may not be collected if Appthority MTP did not find a match for the information in a CSV import file. The file must have a specific format. See Submit Apps for Analysis.

Causes of Analysis Failure

In some cases a collected app fails the analysis process. Here are a few possible reasons:

The app only runs on an mobile operating system OS that is currently not supported.
- Appthority supports analysis of public iOS apps that minimally require iOS version 12.4.4 or prior.
- Android apps must support SDK 25 (8.0 Oreo) or newer.
iOS apps must be compiled code, not bitcode builds.
iOS apps must not have Digital Rights Management (DRM) placed on the app binary file. Binaries must be in clear text in order for Appthority MTP to complete the automated app analysis process.

Android apps must be signed. Debug builds are supported.

Many private apps require an internal login to a server, or SSO authentication, as the initial step, which can prevent analysis. For a private app that requires unique login information, also submit test login credentials to your CSM.
Appthority may not be able to analyze an app that has requirements that may prevent Appthority MTP from automatically creating an account on the app. For example, elaborate CAPTCHAs or other forms of human intervention may hinder the app analysis process. Contact your CSM to discuss any app with these characteristics.
Some apps use SDKs that have unusual issues that hinder automated app analysis.
Some apps require a device that is not a mainstream device, and not supported.
Some apps have characteristics that cause a software exception.

Appthority is continually improving its automated analytic capabilities. For any questions please contact your CSM.