Data Theorem Mobile Secure provides full-stack application security for iOS and Android apps, covering everything from source code to runtime behavior to backend APIs.
Ranked #1 in Cloud Native Applications by Gartner 2025 Critical Capabilities for Application Security Testing, the platform protects applications serving over 2.8 billion users worldwide, including 7 of the top 10 largest banks.
What is Data Theorem?
Data Theorem offers an automated application security platform that performs comprehensive analysis of mobile applications throughout their lifecycle.
The platform combines static analysis, dynamic testing, and runtime protection to identify vulnerabilities in both the application code and its backend infrastructure.
The Analyzer Engine examines every mobile app binary build to detect security weaknesses, privacy violations, and compliance gaps.
Unlike scanners that only look at code, Data Theorem evaluates how the application behaves at runtime, what data it collects, and how it communicates with backend services.
Data Theorem serves enterprises in heavily regulated industries where mobile security and privacy compliance are mandatory.
Financial services, healthcare, and retail organizations rely on the platform to maintain security standards across large mobile application portfolios.
Key Features
Analyzer Engine Runtime Analysis
The Analyzer Engine performs deep runtime analysis on mobile app binaries.
It executes applications in instrumented environments to observe actual behavior, including network communications, data storage patterns, and permission usage.
This runtime approach catches issues that static analysis alone would miss.
Third-Party SDK Security
Data Theorem identifies and analyzes all third-party SDKs embedded in mobile applications.
Many security incidents originate from vulnerable or malicious SDK code that developers unknowingly include.
The platform maintains a database of known SDK vulnerabilities and alerts when risky components are detected.
API Security Scanning
Mobile applications depend on backend APIs, and Data Theorem scans these API endpoints for vulnerabilities.
The platform discovers API endpoints by analyzing app traffic, then tests them for authentication issues, injection vulnerabilities, and data exposure risks.
Cross-Platform Coverage
The platform supports native iOS (Swift, Objective-C) and Android (Kotlin, Java) development, plus cross-platform frameworks including React Native, Flutter, and Xamarin.
Analysis techniques adapt to each framework’s architecture and common vulnerability patterns.
Continuous Monitoring
Data Theorem continuously monitors deployed applications rather than only scanning at build time.
This catches issues that emerge after deployment, such as newly disclosed SDK vulnerabilities or changes in backend API security posture.
Privacy Compliance Analysis
The platform evaluates applications against privacy regulations including GDPR, CCPA, and HIPAA.
It identifies unauthorized data collection, improper storage of sensitive information, and non-compliant third-party data sharing.
Integration
Data Theorem integrates into CI/CD pipelines to automate security testing on every build.
Jenkins Pipeline
pipeline {
agent any
environment {
DT_API_KEY = credentials('datatheorem-api-key')
}
stages {
stage('Build') {
steps {
sh './gradlew assembleRelease'
}
}
stage('Upload to Data Theorem') {
steps {
sh '''
curl -X POST \
-H "Authorization: APIKey ${DT_API_KEY}" \
-F "file=@app/build/outputs/apk/release/app-release.apk" \
https://api.securetheorem.com/uploadapi/v1/upload_init
'''
}
}
stage('Wait for Analysis') {
steps {
sh '''
# Poll for scan completion
python3 scripts/wait_for_datatheorem_scan.py
'''
}
}
}
}
GitHub Actions
name: Data Theorem Mobile Scan
on:
push:
branches: [main, release/*]
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Build APK
run: ./gradlew assembleRelease
- name: Upload to Data Theorem
env:
DT_API_KEY: ${{ secrets.DATATHEOREM_API_KEY }}
run: |
UPLOAD_URL=$(curl -s -X POST \
-H "Authorization: APIKey ${DT_API_KEY}" \
-H "Content-Type: application/json" \
-d '{"filename": "app-release.apk"}' \
https://api.securetheorem.com/uploadapi/v1/upload_init | jq -r '.upload_url')
curl -X PUT \
-H "Content-Type: application/octet-stream" \
--data-binary @app/build/outputs/apk/release/app-release.apk \
"$UPLOAD_URL"
- name: Check Security Results
env:
DT_API_KEY: ${{ secrets.DATATHEOREM_API_KEY }}
run: |
# Wait for and retrieve scan results
python3 scripts/check_dt_results.py --fail-on-high
Fastlane Integration (iOS)
# Fastfile
lane :security_scan do
build_app(
scheme: "MyApp",
export_method: "development"
)
# Upload to Data Theorem
sh("curl -X POST " \
"-H 'Authorization: APIKey #{ENV['DT_API_KEY']}' " \
"-F 'file=@../build/MyApp.ipa' " \
"https://api.securetheorem.com/uploadapi/v1/upload_init")
end
API Access
Data Theorem provides a comprehensive REST API for automation:
# Initialize upload
curl -X POST \
-H "Authorization: APIKey YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"filename": "myapp.apk"}' \
https://api.securetheorem.com/uploadapi/v1/upload_init
# Get scan results
curl -X GET \
-H "Authorization: APIKey YOUR_API_KEY" \
https://api.securetheorem.com/rest/v1/mobile_apps/{app_id}/issues
When to Use Data Theorem
Data Theorem is a strong choice for organizations that need comprehensive mobile and API security in a single platform.
Consider Data Theorem when:
- You need to analyze third-party SDKs and supply chain risks
- Runtime behavior analysis is important for your security program
- You manage both mobile apps and the APIs they connect to
- Privacy compliance (GDPR, CCPA, HIPAA) is a regulatory requirement
- You want continuous monitoring rather than point-in-time scans
The platform excels in regulated industries where demonstrating comprehensive security coverage to auditors and regulators is necessary.
Organizations with large mobile application portfolios benefit from the unified dashboard and consistent analysis across all apps.