Your Android app sits on the Play Store where anyone, including attackers, can download it. With free tools, they can open it up and read the inner workings in minutes. I do the same thing, find the security issues that put your business and your customers at risk, and give you a clear report on what to fix.
Email hello@mdpsec.com with your app's Play Store link
You ship an Android app to the Play Store
You do not have an in-house mobile security team
You handle user accounts, payments, or sensitive data
You want to know what is exposed in your app before someone else finds it
The app file your customers download from the Play Store is the same file an attacker downloads. With free tools available to anyone, they can open it up and read what is inside in under 5 minutes. Passwords, keys, and shortcuts your developers left behind are all visible.
The cheap automated security tools your team may have run only catch the obvious problems. They miss the issues that actually let attackers steal customer accounts, drain wallets, or impersonate your support team. Those need a human who knows what to look for.
If you have had a security test done before, it was probably a website test, not a mobile app test. Your mobile app is a separate piece of software with its own set of risks, and it usually gets overlooked.
All work is done by reading your app's code. I do not connect to your servers, create accounts, or run anything against your live systems.
Live testing of your servers and APIs, end-to-end attack demonstrations against your production app, your iOS app, your website, infrastructure testing, retesting after fixes, and compliance certifications. All of these are available as deeper engagements after the security check.
A link to your app on the Play Store is all I need. Sign a short agreement, pay 50% upfront. No meetings, no setup, no access to your systems required.
3 business days of focused review by me personally. You only hear from me if I have a question. No subcontractors, no juniors, no offshore team.
A PDF report covering what I found, why it matters in plain language, and exactly what your team needs to do to fix it. Pay the remaining 50%.
If you want, a 30-minute call to walk through the report. Most clients just forward it to their dev team and start fixing.
Real examples of issues I have found in production apps:
Each is available as a deeper engagement after the security check.
Email hello@mdpsec.com with your app's Play Store link. Agreement back within 24 hours.
The security check is the starting point. Most clients use it to find what is exposed in their app, then go deeper only if they need to.
I read your app's code and confirm what attackers could do with it.
I run the app live, attack the issues end to end, test your servers and APIs, and cover your iOS app too. Includes a retest after your team fixes things.
Ongoing coverage as your app changes. Checks on new releases and a direct line to me for security questions.
You can stop at Step 1. The deeper steps are only for clients who want to go further.
Yes. The report has two parts. The first is a plain English summary that explains what was found and what it means for your business. The second is the technical detail your developers need to actually fix it. You read the first part, your team works on the second.
This is a focused review, not a full audit. I read the inner workings of your app and confirm the risks through the code. I do not run live attacks against your servers or demonstrate end-to-end exploits, which is what costs more time and money. You get the most important information for the lowest cost. Deeper engagements come after, only if you want to go further.
No. All work is done by reading the code in your app. I do not send any requests to your servers, do not create any accounts, and do not run anything against your live systems. There is zero risk to your production environment.
No. I work from the same app file your customers download from the Play Store. All you need to give me is a link to your app. No source code, no developer access, no internal logins.
Before any work begins, we sign a short agreement that covers confidentiality and how I handle and dispose of any data related to your app. Your identity and the findings are never shared without your written permission.
Your dev team fixes the issues using the steps in the report. If you want me to go further, with deeper testing of your live app, your servers, or your iOS app, or verification that the fixes are correct, that is available as a separate engagement.
Yes. A short, plain-English agreement that defines exactly what I will and will not do, the timeline, payment terms, and confidentiality. It protects both of us.
Australia. I work with clients worldwide. All communication is by email. No meetings required to get started, just your app details and a signed agreement.
Send me a link to your app on the Play Store. I will send back an agreement within 24 hours and a full report within 4 business days.