This page attempts to systematize Frequently Asked Questions (FAQ) and suggestions on how to approach the challenges.

What should I do if I have issues? Send me an email (yanick [at] and we'll sort it out. The email subject should be "[MOBISEC] <topic>". If your problem is related to an APK submission, please include your username and APK submission ID.

Got a weird error? Google for it! If you get some unexpected error from the analysis system, google for it. In the 99% of the cases, you are screwing something up. Google for it to get hints on what the problem may be. You are very likely not the first person on this planet to have this problem.

What if the server is down? It may happen that I'm doing some maintenance and the website may down momentarily. If it's not back up in 30 minutes (and if I didn't send an email to the ML about this), please email me. Same goes for any "weird behavior" of the analysis system. If you get inconsistent output, or something that was working before doesn't work anymore, again, please email me. This is a very experimental setup and stuff may go wrong.

Local test setup. The ability to test and debug things locally will make the differece. Make sure to have a good local setup (with the same version of Android on the emulator) and test your app locally before submitting it. It is very likely that you made several mistakes: it is MUCH faster to iterate over the "try → fail → fix" loop locally wrt remotely. Note that sometimes preparing a decent debuggable setup is not super trivial: this is NOT time lost! You will save so much more time in the long run.

Debug your assumptions! When things don't work, there is a reason. Always. Try to simplify your program as much as you can until "something" works. Then add back the other pieces, few at the times. Try to understand WHY it does not work. Remember: it's much easier to debug and find mistakes in things you understand. (It is however also true that to understand things you need to sometimes have a good debugging setup... tough life :-)).

Log ALL exceptions. You cannot imagine how many exceptions can be thrown by a seemingly innocous line of Java. Java is evil. Even trivial code can throw exceptions at you whenever you don't expect it. Most time is usually lost trying to understand "why didn't the app reach point X", and the answer is usually "because the app crashed before point X". And even if the raw logcat would show signs of this exception, you usually don't see them because they are not logged with the MOBISEC tag (but you can see these exceptions locally! Local setup & debug FTW!). Now, thankfully, there is a trick to log all exceptions: wrap all your code within a huge try catch. I suggest you to use the Log.getStackTraceString(exc) API to get a nicely formatted traceback. Note that you need to log this with the MOBISEC tag to see it in the output of the analysis system.

Submitting things to the analysis system and waiting is painful. Tough life :-) How do you think the real world works? Exaclty this way. You may need to have something "working remotely" without having easy access and debug capabilities in this remote setup. One key skill to learn in this class is to test everything locally before submitting something remotely. Take the suggestions above into account, and you will eventually make it. Again, debugging in hostile environments is a key skill to acquire!

Flag Format. Flags have always the MOBISEC{...} format, and they should be submitted without double quotes.

I expect you to ask me questions, ping me when you are stuck. Some aspects can be a bit painful and I'm happy to help. But I don't want to spoil the fun for everybody. So, to get help, you will need to ask for it. Don't be shy, asking things is 100% expected and normal.

What if you find unintended bugs in the system? Please, if you find bugs in the system, let me know without destroying everything and ruining the fun for other people. Your eliteness will be publicly acknowledged :-)