A novel approach for detecting vulnerable backends used by mobile apps. To keep up to date with MobileBackend pipeline, sign up for our news letter!

About MobileBackend

MobileBackend is a automated pipeline designed to detect dependencies on vulnerable cloud backends within your APK. Using a combination of static and dynamic analysis tools, we determine what libraries an APK uses and how it interfaces with cloud backends that are open to exploitation. This work is based on the results of this paper from the 28th USENIX Security Symposium.

Important Information

If you are an affected party, please make every effort to contact us as soon as possible. We will provide you with a detailed report about the specific vulnerabilities that affect your mobile app and its backend. We encourage you to fix the reported vulnerability as quickly as possible. We are planning to publically disclose our vulnerability findings in August of 2019. Unpatched backends and mobile apps run the risk of being exploited. Mobilebackend.vet will not be responsible for any attacks resulting from developer neglect to fix disclosed vulnerabilities.

What is MobileBackend?

MobileBackend is a project that aims to improve the security of Android mobile apps. Mobile apps use cloud services and remote servers, also known as mobile backends, to enrich user’s experience by providing customized content. MobileBackend scans your app, identifies the backends your app uses, and checks them for bugs. These bugs can be used by attackers to compromise your mobile backend, which can result in leaking your user’s data, deleting your app’s content, or injecting malicious code.

How do I request my Android app to be scanned?

We only perform scans on apps for developers and owners of the mobile app. To get started, contact us at help@mobilebackend.vet requesting your app to be scanned. We will verify your ownership of the app and perform an in-depth scan to provide you with any bugs we find.

How do I opt-out?

We do not scan your app by default unless explicitly requested by the developer or owner of the app. If you are being redirected here from a disclosure email that you did not request and want to opt-out, please email us at help@mobilebackend.vet requesting to be removed. Make sure to include your mobile app name, mobile package name, and mobile version name. Additionally, you may be assigned a case number that you should include in your email for us to respond faster.

I have additional questions, how do I get them answered?

If you have additional questions, comments, concerns, please feel free to reach out to us at help@mobilebackend.vet. We will response within 48 hours to your request.


If you have any questions for us about SkyWalker or anything else, feel free to reach out to us here: