Dimension scores are derived from public data and fields and weighted into the composite. For reference only.
Droid Andy positions itself as “No Nonsense Mobile App Sec,” focusing on mobile application security consulting and research. The main text states that it has spent years conducting research, publishing white papers, and speaking at security conferences, while emphasizing that “the only thing we do is mobile applications” rather than general-purpose security services. Its background also includes involvement in the OWASP Mobile Top Ten project, leadership of the OWASP Newcastle Chapter, and discussion on BBC Click world service about mobile app permission abuse and the state of mobile security.
Based on the available information, Droid Andy looks more like a specialist mobile app security consulting/testing team than a standardized security product vendor. Its protection focus centers on mobile application security testing, mobile malware research, analysis of excessive permission risks, and vulnerability identification and avoidance guidance based on the OWASP Mobile Top Ten. The text mentions that it has presented the 2015 OWASP Mobile Security Project Top 10 and used real anonymized vulnerability cases to explain how to avoid introducing similar risks into one’s own applications, suggesting that its services lean toward penetration testing, architecture/code-level security advice, and security training.
The website text does not disclose specific deployment models, such as whether it offers a SaaS platform, remote testing, on-site testing, CI/CD integration, or API capabilities. It also does not provide information about a management console, alerts, reporting workflows, or similar features. Therefore, it should not be treated as a vendor with an automated security operations platform. It is better suited for project-based procurement of mobile app security assessments or consulting deliverables.
The public text does not include pricing, packages, billing models, payment methods, or service-level agreement information. It also does not mention compliance or professional certifications such as ISO, SOC, or CREST. Before procurement, buyers should clarify the testing scope, report format, whether retesting is included, vulnerability severity standards, response timelines, and confidentiality agreements.
Its strengths are its strong focus on mobile security, research and community contribution background, and methodology closely tied to OWASP mobile security practices. The weaknesses are the lack of public information: there are no visible customer cases, pricing, certifications, toolchain integrations, or service support details. It is best suited for teams that need pre-launch Android/iOS app security testing, mobile permission and privacy risk analysis, or mobile security training. If an enterprise needs a continuous scanning platform, centralized alerts, and compliance reports, its capabilities should be further verified.
The crawled text does not provide information on access from mainland China, payment options, or local delivery, so china_access can only be marked as unknown. If cross-border communication, payment, data export, or Chinese-language reporting are important requirements, buyers can also evaluate domestic security vendors that provide app penetration testing, privacy compliance testing, and MLPS-related services as alternatives.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site, droidandy.com.
droidandy.com is a United Kingdom pentest provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable.