Stay organized with collections
Save and categorize content based on your preferences.
The Checks API can analyze Android and iOS apps before release so that you have
visibility into your app's data collection and sharing behaviors and potential
compliance issues before launching your app publicly.
This quickstart shows you how to upload an app using the gcloud CLI and the cURL
command.
Prerequisites
Before you begin, make sure you are able to send authorized requests using our
Authorization guide.
In Xcode, select a provisioning profile for the target app.
From the drop-down menu that appears, click Product > Archive. Select
the most recent archive, then click Distribute App.
In the window that appears, click Development > Next.
(Optional) To get a faster build, deselect the Rebuild from Bitcode
option, then click Next.
Checks doesn't require thinning or rebuilding your app to run a test so
you can safely disable this option.
Click Export, then specify a directory where you want to download your
app's IPA file.
Upload your app bundle
Upload your app bundle using the media.upload method.
There are two ways to upload your app:
Binary with metadata
You may include metadata such as the codeReferenceId which
links the analysis with a specific commit in your code repository.
Send a multipart POST request with the header
X-Goog-Upload-Protocol: multipart where the first body part contains the
metadata as JSON and the second body part contains the binary upload:
By default, this returns only the report resource name and a URL to view the
report in the Checks Console.
To see more data, include a field mask in the request. For
example, add the URL query parameter fields=name,resultsUri,checks to include
the checks field:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-11-13 UTC."],[[["\u003cp\u003eThe Checks API analyzes Android and iOS apps for data collection, sharing practices, and potential compliance issues before public launch.\u003c/p\u003e\n"],["\u003cp\u003eThis guide provides steps to upload your app for analysis using the gcloud CLI and cURL, covering prerequisites, app preparation, and upload methods.\u003c/p\u003e\n"],["\u003cp\u003eYou can monitor the analysis progress and view the generated report containing insights into your app's behavior.\u003c/p\u003e\n"],["\u003cp\u003eTo view detailed results, retrieve the report using the provided API endpoint with specific field masks, or visit the Checks Console.\u003c/p\u003e\n"]]],[],null,["# Upload your app for analysis\n\nThe Checks API can analyze Android and iOS apps before release so that you have\nvisibility into your app's data collection and sharing behaviors and potential\ncompliance issues **before launching your app publicly**.\n\nThis quickstart shows you how to upload an app using the gcloud CLI and the cURL\ncommand.\n\nPrerequisites\n-------------\n\nBefore you begin, make sure you are able to send authorized requests using our\n[Authorization](/checks/guide/api/auth) guide.\n\nPrepare your app bundle\n-----------------------\n\n### Android\n\n1. Generate an APK or AAB file for your app.\n\n See [Build and run your app](https://developer.android.com/studio/run) in\n the Android documentation for instructions.\n\n### iOS\n\n1. In Xcode, select a provisioning profile for the target app.\n\n | **Note:** Checks re-signs your app with its own provisioning profile and certificate.\n2. From the drop-down menu that appears, click **Product \\\u003e Archive** . Select\n the most recent archive, then click **Distribute App**.\n\n3. In the window that appears, click **Development \\\u003e Next**.\n\n4. (Optional) To get a faster build, deselect the **Rebuild from Bitcode**\n option, then click **Next**.\n\n Checks doesn't require thinning or rebuilding your app to run a test so\n you can safely disable this option.\n5. Click **Export**, then specify a directory where you want to download your\n app's IPA file.\n\nUpload your app bundle\n----------------------\n\nUpload your app bundle using the [`media.upload`](/checks/reference/rest/v1alpha/media/upload) method.\n\nThere are two ways to upload your app: \n\n### Binary with metadata\n\nYou may include metadata such as the [`codeReferenceId`](/checks/reference/rest/v1alpha/AnalyzeUploadRequest#FIELDS.code_reference_id) which\nlinks the analysis with a specific commit in your code repository.\n\nSend a multipart POST request with the header\n`X-Goog-Upload-Protocol: multipart` where the first body part contains the\nmetadata as JSON and the second body part contains the binary upload: \n\n curl -X POST \\\n -H \"X-Goog-User-Project: \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\" \\\n -H \"Authorization: Bearer $(gcloud auth application-default print-access-token --scopes=https://www.googleapis.com/auth/checks)\" \\\n -H \"X-Goog-Upload-Protocol: multipart\" \\\n -F \"metadata={\\\"codeReferenceId\\\":\\\"\u003cvar translate=\"no\"\u003eCOMMIT_SHA\u003c/var\u003e\\\"}\" \\\n -F \"binary=@\u003cvar translate=\"no\"\u003eBINARY_PATH\u003c/var\u003e\" \\\n \"https://checks.googleapis.com/upload/v1alpha/accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/reports:analyzeUpload\"\n\n### Binary only\n\nSend a regular POST request with the header `X-Goog-Upload-Protocol: raw` to\nupload your app without any metadata: \n\n curl -X POST \\\n -H \"X-Goog-User-Project: \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\" \\\n -H \"Authorization: Bearer $(gcloud auth application-default print-access-token --scopes=https://www.googleapis.com/auth/checks)\" \\\n -H \"X-Goog-Upload-Protocol: raw\" \\\n -H \"Content-Type: application/octet-stream\" \\\n --data-binary @\u003cvar translate=\"no\"\u003eBINARY_PATH\u003c/var\u003e \\\n \"https://checks.googleapis.com/upload/v1alpha/accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/reports:analyzeUpload\"\n\nOnce your app has finished uploading, a pending\n[`google.longrunning.Operation`](/checks/reference/rest/v1alpha/accounts.apps.operations#resource:-operation) is returned: \n\n {\n \"name\": \"accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/operations/\u003cvar translate=\"no\"\u003eOPERATION_ID\u003c/var\u003e\"\n }\n\nCheck the state of your analysis\n--------------------------------\n\nYou can check the state of your analysis by calling the\n[`accounts.apps.operations.get`](/checks/reference/rest/v1alpha/accounts.apps.operations/get) method: \n\n curl -X GET \\\n -H \"X-Goog-User-Project: \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\" \\\n -H \"Authorization: Bearer $(gcloud auth application-default print-access-token --scopes=https://www.googleapis.com/auth/checks)\" \\\n \"https://checks.googleapis.com/v1alpha/accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/operations/\u003cvar translate=\"no\"\u003eOPERATION_ID\u003c/var\u003e\"\n\nThe following response is returned depending on the state: \n\n### Pending\n\n {\n \"name\": \"accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/operations/\u003cvar translate=\"no\"\u003eOPERATION_ID\u003c/var\u003e\"\n }\n\n### Complete\n\n {\n \"name\": \"accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/operations/\u003cvar translate=\"no\"\u003eOPERATION_ID\u003c/var\u003e\",\n \"done\": true,\n \"response\": {\n \"@type\": \"type.googleapis.com/google.checks.report.v1alpha.Report\",\n \"name\": \"accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/reports/\u003cvar translate=\"no\"\u003eREPORT_ID\u003c/var\u003e\",\n \"resultsUri\": \"https://checks.google.com/console/dashboard/\u003cvar translate=\"no\"\u003eREPORT_ID\u003c/var\u003e?a=\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e\"\n }\n }\n\n### Error\n\n {\n \"name\": \"accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/operations/\u003cvar translate=\"no\"\u003eOPERATION_ID\u003c/var\u003e\",\n \"done\": true,\n \"error\": {\n \"code\": 500,\n \"message\": \"Deadline exceeded.\",\n \"status\": \"INTERNAL\",\n \"details\": [\n ...\n ]\n }\n }\n\nView your analysis\n------------------\n\nView your analysis by calling the\n[`accounts.apps.reports.get`](/checks/reference/rest/v1alpha/accounts.apps.reports/get) method: \n\n curl -X GET \\\n -H \"X-Goog-User-Project: \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\" \\\n -H \"Authorization: Bearer $(gcloud auth application-default print-access-token --scopes=https://www.googleapis.com/auth/checks)\" \\\n \"https://checks.googleapis.com/v1alpha/accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/reports/\u003cvar translate=\"no\"\u003eREPORT_ID\u003c/var\u003e\"\n\nBy default, this returns only the report resource name and a URL to view the\nreport in the Checks Console.\n\nTo see more data, include a [field mask](/checks/guide/api/field-masks) in the request. For\nexample, add the URL query parameter `fields=name,resultsUri,checks` to include\nthe [`checks`](/checks/reference/rest/v1alpha/accounts.apps.reports#Report.FIELDS.checks) field: \n\n {\n \"name\": \"accounts/\u003cvar translate=\"no\"\u003eACCOUNT_ID\u003c/var\u003e/apps/\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e/reports/\u003cvar translate=\"no\"\u003eREPORT_ID\u003c/var\u003e\",\n \"resultsUri\": \"https://checks.area120.google.com/console/dashboard/\u003cvar translate=\"no\"\u003eREPORT_ID\u003c/var\u003e?a=\u003cvar translate=\"no\"\u003eAPP_ID\u003c/var\u003e\",\n \"checks\": [\n {\n \"type\": \"DATA_MONITORING_NEW_ENDPOINT\",\n \"severity\": \"POTENTIAL\",\n \"state\": \"FAILED\",\n ...\n },\n ...\n ]\n }\n\nWhat's next?\n------------\n\nSee [Query reports](/checks/guide/app-compliance/integrate/api/reports) to learn how to fetch the results of your\nanalysis."]]