# PTKD

> PTKD is a mobile app security scanner for Android and iOS. Developers upload an APK, AAB, or IPA and receive an OWASP-aligned vulnerability report in minutes — covering permissions, SDK risk, API exposure, TLS configuration, insecure storage, and code-quality issues. PTKD works with builds from any framework, including native, React Native, Flutter, Cordova, and no-code/AI-generated apps (FlutterFlow, Bubble, Rork, Adalo, Glide).

PTKD is built for developers who ship fast — especially those using AI-assisted or no-code platforms where standard security tooling doesn't fit. Scans run in isolated, ephemeral containers; uploaded binaries are deleted within 24 hours; the scanner never sees source code, only the compiled build.

## Product

- [How PTKD works](https://ptkd.com/how-it-works): The three-stage pipeline — upload, static + dynamic + AI-assisted scan, guided remediation checklist.
- [Features](https://ptkd.com/features): What PTKD scans for, including OWASP Mobile Top 10 coverage, SDK risk scoring, API exposure detection, TLS analysis, permissions audit, and data-storage checks.
- [Why PTKD](https://ptkd.com/why-ptkd): Positioning vs. enterprise scanners and open-source tools — speed, no-setup, vibe-coder friendly.
- [Pricing](https://ptkd.com/pricing): Free tier with 5 scans/month, Pro for individuals, Team for organisations.
- [Getting started](https://ptkd.com/getting-started): Run your first scan in under five minutes.
- [API](https://ptkd.com/api) and [API reference](https://ptkd.com/api-reference): Programmatic scanning, webhooks, SDKs.
- [CI/CD setup](https://ptkd.com/ci-cd-setup): Integration guides for GitHub Actions, GitLab CI, Bitrise, CircleCI.
- [Integrations](https://ptkd.com/integrations): GitHub, GitLab, Bitrise, CircleCI, Slack, Jira.
- [Examples](https://ptkd.com/examples): Sample scan reports for Android and iOS builds.

## Guides

- [App Store review timing](https://ptkd.com/app-store/how-long-does-apple-app-store-review-take): How long Apple's App Store review typically takes and what slows it down.
- [App stuck in review](https://ptkd.com/app-store/app-stuck-in-review-too-long): Practical steps when an App Store submission is taking too long.
- [TestFlight review time](https://ptkd.com/mobile-security/mobile-app-security/how-long-does-testflight-review-take-for-a-beta-app-build): TestFlight beta build review timeline.
- [Pending Developer Release](https://ptkd.com/app-store/what-is-pending-developer-release): What the status means and when to use it.
- [Expedited review](https://ptkd.com/app-store/how-to-request-expedited-review-from-apple): How to request an expedited review and valid reasons.
- [Android dangerous permissions](https://ptkd.com/mobile-security/android-app-security/android-dangerous-permissions-list): The runtime permissions Android marks as dangerous and what they expose.
- [Android root detection](https://ptkd.com/mobile-security/mobile-app-security/android-app-root-detection-techniques): Root detection techniques that survive Magisk and similar bypasses.
- [Android SSL pinning](https://ptkd.com/mobile-security/android-app-security/android-app-ssl-pinning-example): A working SSL pinning example for Android.
- [iOS keychain security](https://ptkd.com/mobile-security/ios-app-security/ios-app-keychain-security): Using the iOS Keychain correctly, including access control and biometric protection.
- [OWASP Mobile Testing Guide](https://ptkd.com/mobile-security/mobile-app-testing/owasp-mobile-security-testing-guide): How to apply the OWASP MASTG to a real APK or IPA.

## Company

- [About PTKD](https://ptkd.com/about): Who built it and why.
- [Privacy policy](https://ptkd.com/privacy): How PTKD handles uploaded builds and personal data.
- [Terms of service](https://ptkd.com/terms): Terms governing PTKD usage.

## Discovery

- [Sitemap index](https://ptkd.com/sitemap.xml): Every indexable URL on the site.
- [Blog](https://ptkd.com/blog): Mobile-security writing.