### Problem to Solve With our initial release of our [MobSF analyzer](https://gitlab.com/gitlab-org/security-products/analyzers/mobsf), we do not currently support mobile app binary support for .ipa and .apk files, we should add that to our detection rules. The following description has been extracted from the description of this [MR](https://gitlab.com/gitlab-org/security-products/analyzers/mobsf/-/merge_requests/18): > Android apps (e.g. https://gitlab.com/fdroid/fdroidclient/) may utilize [merging](https://developer.android.com/studio/build/manifest-merge) `AndroidManifests.xml`. The current procedure naively copies `AndroidManifests.xml` which is not complete at all. And it's hard and redundant to merge the manifest ourselves (plus we don't have java in the container). Allowing users to directly provide the compiled apk could be a solution, like what mobsf does in the github actions: https://github.com/inm-certi/mobsf-action