Pricing for Mobile App Security

One ten-minute pen test for $99, or go continuous. Pro runs the full agentic pen test on every build; Enterprise unlocks unlimited scale, the public Scan API, GitHub Action, and SSO.

MOST POPULAR

Express

One release check, no subscription

$99 one-time
  • One app, one ~10-min playbook pen test on a real device
  • Installs and runs your actual build on rooted and jailbroken hardware
  • Catches insecure storage, hardcoded secrets, weak TLS, and exposed components
  • Full report: findings, evidence, and copy-paste fixes for Cursor or Claude
  • Plus 2 rescans to confirm your fixes
  • APK, AAB, and IPA support

Pro

Indie devs and studios shipping regularly

$200/mo
  • 20 AI pen tests per month ($25 each beyond), up to 3 apps
  • Full playbook suite with live dynamic analysis on a real device
  • Autonomous AI pen-test agent that chains findings into real attack paths (BETA)
  • All 7 frameworks selectable (PCI-DSS, MASVS, HIPAA, GDPR, LGPD, SOC 2, NIST)
  • Enhanced SAST, CVE, and SBOM checks
  • AI remediation assistant
  • PDF, HTML, and SARIF reports
  • 90-day audit history

Enterprise

Security, compliance, and procurement-led orgs

Custom

Custom terms available through invoice or AWS Marketplace.

  • Everything in Pro, plus:
  • Unlimited AI pen tests and apps on real devices
  • Full agentic pen test: authenticated testing and app-shielding bypass attempts
  • AI build artifact detection (BETA)
  • Mirror, malware, and store submission checks
  • Full API, CI/CD, and webhook workflows
  • SSO, priority queue, custom retention
  • Dedicated CSM and procurement terms

Enterprise also unlocks

Programmatic scanning for your CI/CD

Most mobile security tools stop at "upload an APK to our dashboard." Enterprise customers wire AppAudix into their existing release process, so every PR gets a security review automatically.

REST API

POST a binary, poll status, fetch the report. Same surface as the dashboard, programmable.

GitHub Action

Drop appaudix/scan-action@v2 into your workflow. PR comment, severity gate, done.

Signed webhooks

HMAC-SHA256 callbacks when scans complete. No polling, plus metadata roundtrip for your CI context.

Build gating

Fail the build on configurable severity thresholds. Block releases before they ship.

AWS Marketplace

Enterprise procurement is also available through your existing AWS bill.

Frequently Asked Questions

Which plan should I pick?
Express is a one-time $99 audit: one app, one ~10-minute AI pen test on a real device, ideal for a single release check with no subscription. Pro ($200/mo) is for indie devs and studios shipping regularly, with the full agentic pen test and live dynamic testing (DAST) on every scan. Enterprise is for organisations that need unlimited pen tests, full API/CI-CD, SSO, and procurement terms.

Is AI Penetration Testing included in Pro?
Yes. Pro includes the autonomous AI pen-test agent and live dynamic testing (DAST) on real devices. Enterprise extends this to unlimited pen tests with authenticated testing and app-shielding bypass attempts. The one-time Express audit also runs a real-device AI pen test on a single app.

Can I switch plans without losing scan history?
Yes. Scan history and reports stay tied to your account. Upgrading or downgrading just changes your monthly limits and feature access from the next billing cycle.

Which file formats do you support?
Android APK and AAB, plus iOS IPA. No source code access is required - just upload your compiled app package.

Which compliance frameworks can I select?
All seven (PCI-DSS, OWASP MASVS, HIPAA, GDPR, LGPD, SOC 2, NIST) are available. Pro and Enterprise let you select the frameworks you need per scan, mapped in a single report.

Which compliance frameworks do you support?
AppAudix supports PCI-DSS 4.0.1, OWASP MASVS, HIPAA, GDPR, LGPD (Brazil), SOC 2, and NIST 800-163.

How is my app data protected?
App packages are encrypted during transit and at rest, processed in isolated environments, and retained according to your plan.

How long does a scan take?
Most scans complete within 5-10 minutes, depending on app size and complexity. Enterprise customers get priority queue access.

Have more questions? Email us at support@appaudix.com

Payments are processed by Airwallex. Enterprise teams can use invoice or AWS Marketplace procurement.
