This article explains the basic features of the Appthority MTP App Report.
All Appthority users can get an app report in HTML, PDF, or JSON format from either:
An API user can use the Appthority API to get a report in JSON format. See https://apidoc.appthority.com.
The report is divided into sections. At the top, you can see at a glance the overall risk that the app represents to your enterprise. The Risk Score is based on the highest-risk Threat Indicator discovered during app analysis. Subsequent sections, listed by links at the top, give you more information.
You may want to share a report with your colleagues and need a way to export it from MTP Manager. You can export the report in HTML, PDF, or JSON format.
The General Information section shows basic information about the app, such as its package name and developer. The Market Category is from the App or Play Store.
The top of the THREATS section lists the Appthority Threat Indicators that describe behaviors of the app. Threat Indicators in Appthority may be activated by the Org Admin or left inactive. (Usually there are Appthority Policies associated with the Threat Indicators that are active.)
Whether a Threat Indicator is active or inactive, the app analysis process tells you about the app's behaviors and associated risks. An Org Admin, for example, may want to activate an inactive Threat Indicator based on its discovery in the app analysis.
Risks are ranked from 0 to 10, and are color-coded.
For more discussion about Threat Indicator Risk levels, see Risk Scoring in the Help.
The Details: Active Threats and Inactive Threats sections provide more information about the behaviors that were detected, ranked in order of risk.
Evidence data provides a more detailed look into the app code to show how the analysis process discovered the behavior of a Threat Indicator.
Evidence data may not be needed for every use case, and it can be a large amount of data, so by default it is not available for reports. If you would like access to evidence data, please contact your CSM.
The Access sections show which hostnames, IP addresses, and URLs the app includes in its code. Many times these are related to advertisements. In addition, there may be email addresses in the code.
The CONNECTIONS section shows what the app actually contacts as it is running on the device. It shows the source and destination IP addresses of each connection, and how many bytes of data were sent and received. It also shows whether SSL was used for the connection.
Web connections show the URL that was accessed. Appthority compares this to an industry-standard list of websites that are ranked according to a reputation score. Higher scores, on a scale of 1-100, mean that a site is considered to be more trusted. If known, the category of the site tells you its main purpose, such as Web Advertisements.