Security Dashboard
Overview
The Security Dashboard gives your team an operational view of protected-app activity: detection volume, active devices, enabled controls, platform distribution, geography, and trends. Use it after QA builds and production releases to understand whether controls are behaving as expected.
The dashboard is not just a chart collection. It helps answer three release questions:
| Question | Dashboard signal |
|---|---|
| Are protected apps reporting normally? | Active devices, recent events, platform distribution. |
| Are detections expected or surprising? | Event type breakdown, timelines, geography, and filters. |
| Should response actions change? | Event frequency, affected platform, and false-positive review. |
Dashboard Components
Detection Summary Card
Shows the total number of recent security detections. Use this as a first signal, then drill into event types and device logs before changing enforcement.
Active Devices Card
Shows the count of unique protected-app installations that have communicated with AppTego. Compare active devices to release expectations so you can spot rollout gaps or unusual telemetry patterns.
Control Posture Rings
Four circular progress indicators showing what percentage of available controls are currently enabled:
| Ring | Measures | Type |
|---|---|---|
| Prevention Controls | Screenshot, debug, clipboard, etc. | Binary on/off |
| Detection Controls | Root, emulator, hooking, etc. | Response-action configured |
| Connection Controls | TLS, cleartext, certificate pinning, certificate transparency | Binary on/off and response-action configured |
| Additional Features | Telemetry storage, live configuration, app lifecycle settings | Binary on/off and response-action configured |
These give a quick visual read on configuration posture. A full ring means all available controls in that category are active for the selected context, not that the app is automatically risk-free.
OS Version Distribution
Shows which Android and iOS versions are represented in your device population. Use it when planning minimum OS support, reproducing device-specific events, or deciding where QA coverage should focus.
Event Types Breakdown
Shows which detection types are most common. High-volume events should be reviewed before you move from Log to a stricter response.
Geographic Views
Two world map layers:
- Device Locations — where your devices are geographically distributed (based on reported country)
- Event Locations — where security events originate
Compare device distribution and event distribution to spot regions with disproportionate activity relative to normal usage.
Interpreting the Dashboard
Expected Patterns
- Root or jailbreak detections from developer devices during testing.
- Emulator or simulator detections from QA automation.
- A gradual rise in active devices after a staged rollout.
- Initial event volume after enabling a new detection in Log mode.
Signals To Investigate
- A sudden spike in high-risk runtime detections.
- Detections from regions, platforms, or app versions that do not match your release plan.
- A high ratio of detections to active devices.
- Production detections that were not seen during QA or pilot rollout.
Actionable Responses
| Observation | Recommended action |
|---|---|
| High root or jailbreak rate | Review affected app versions and devices, then consider a stricter response after false-positive review. |
| Runtime-analysis detections appearing | Review related controls, device logs, and release timing before changing enforcement. |
| Emulator detections in production | Confirm whether QA traffic is mixed with production, then tune the production response. |
| Events from unexpected regions | Cross-reference Device Logs and release geography before escalating. |
Filters
- Time range — view data for specific date ranges
- Platform — filter by Android or iOS
- Event type — filter by specific detection control
Data Availability
| Plan | Dashboard Access |
|---|---|
| Free | Basic event counts only |
| Team | Event counts + control posture rings |
| Enterprise | Full dashboard — maps, charts, OS distribution, all analytics |
Full dashboard data requires the relevant telemetry settings to be enabled in your tenant configuration.
Data Retention
Device telemetry data is retained for approximately 60 days. Retrieve data before it ages out if you need long-term records for compliance, incident review, or release reporting.
Real-Time Updates
The dashboard refreshes automatically. New events and build-status changes can appear without a full page reload.