This workflow automatically analyzes any newly uploaded APK file and produces a clean, professional PDF security report. When an APK appears in Google Drive, the workflow downloads it, sends it to MobSF for security scanning, summarizes the results, generates an HTML report using AI, converts it into a PDF via PDF.co, and finally saves the PDF back to Google Drive.
- Set up a Google Drive folder for uploading APKs.
- Install MobSF using Docker and copy your API key.
- Add credentials for Google Drive, MobSF, OpenAI, and PDF.co in n8n.
- Import the workflow JSON.
- Update node credentials.
- Upload an APK to the watched folder and let the automation run.
This workflow provides a complete automated pipeline for analyzing Android APK files. It removes the manual process of scanning apps, extracting security insights, formatting reports, and distributing results. Each step is designed to streamline application security checks for development teams, QA engineers, and product managers.
Once the workflow detects a new APK in Google Drive, it passes the file to MobSF for a detailed static analysis. The workflow extracts the results, transforms them into a clear and well-structured HTML report using AI, and then converts the report into a PDF. This ensures the end-user receives a polished audit-ready security document with zero manual involvement.
This workflow is ideal for:
- Mobile development teams performing security checks on apps
- QA and testing teams validating APK builds before release
- DevSecOps engineers needing automated, repeatable security audits
- Software companies generating compliance and audit documentation
- Agencies reviewing client apps for vulnerabilities
- An n8n instance (self-hosted or cloud)
- A Google Drive account with a folder for APK uploads
- Docker installed to run MobSF locally
- MobSF API key
- OpenAI API key
- PDF.co API key
- Basic understanding of n8n nodes and credentials setup
Create a folder specifically for APK uploads. Configure the Watch APK Uploads (Google Drive) node to monitor this folder for new files.
Install Docker and run:
```bash
docker run -it --rm -p 8000:8000 \
  -v $(pwd)/mobsf:/home/mobsf/.MobSF \
  opensecurity/mobile-security-framework-mobsf
```
Open MobSF at http://localhost:8000 and copy your API key.
Add credentials for:
- Google Drive
- MobSF (API key in headers)
- OpenAI
- PDF.co
- Upload APK to Analyzer (MobSF Upload API) sends the file.
- Start Security Scan (MobSF Scan API) triggers the vulnerability scan.
- Summarize MobSF Report (JS Code) extracts key vulnerabilities.
- Generate HTML Report (GPT Model) formats them in a structured report.
- Clean HTML Output (JS Code) removes escaped characters.
Use Generate PDF (PDF.co API) to convert the HTML to PDF.
Download using Download Generated PDF, then upload via Upload PDF to Google Drive.
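The report text originates from an uploaded APK and passes through a language model before it is rendered, so the Clean HTML Output step is a natural place to validate the markup as well as unescape it. The following is an added example, not the workflow's own Code node: the function names are hypothetical and the sample reply is constructed.

```javascript
// Added example: helper names are hypothetical, inputs are constructed.

// Undo JSON-style escaping left in the model's reply and drop a Markdown fence.
function cleanHtmlOutput(raw) {
  let html = String(raw).trim();
  html = html.replace(/^```[a-zA-Z]*\s*/, '').replace(/\s*```$/, '');
  // Single pass, so an escaped backslash is not decoded twice.
  html = html.replace(/\\(n|r|t|"|'|\/|\\)/g, (_, c) =>
    ({ n: '\n', r: '', t: '\t' }[c] ?? c));
  return html.trim();
}

// Fail closed: return a list of reasons the HTML should not go to the converter.
function validateReportHtml(html) {
  const problems = [];
  if (!/<html[\s>]/i.test(html) || !/<\/html\s*>/i.test(html)) {
    problems.push('missing <html> wrapper');
  }
  if (/\\[nrt"]/.test(html)) problems.push('escape sequences remain');
  if (/<\s*(script|iframe|object|embed)\b/i.test(html)) problems.push('active element');
  if (/<[^>]*\son[a-z]+\s*=/i.test(html)) problems.push('inline event handler');
  if (/(href|src)\s*=\s*["']?\s*javascript:/i.test(html)) problems.push('javascript: URL');
  return problems;
}

// Clean first, then validate; callers should stop the run when ok is false.
function prepareReport(raw) {
  const html = cleanHtmlOutput(raw);
  const problems = validateReportHtml(html);
  return { ok: problems.length === 0, html, problems };
}

// Constructed sample: a reply wrapped in a fence with literal \n and \" sequences.
const sampleReply = '```html\\n<html><body><h1>Report for \\"demo.apk\\"</h1></body></html>\\n```';
const result = prepareReport(sampleReply);
console.log(result.ok, result.problems, result.html);
```

The checks are pattern-based and deliberately strict; they are a gate in front of the PDF step, not a general-purpose HTML sanitizer.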
- Google Drive Trigger: Change the folder ID to watch a different upload directory.
- MobSF API Nodes: Update URLs if MobSF runs on another port or server.
- AI Report Generator: Modify prompt instructions to change the writing style or report template.
- PDF Generation: Edit margins, page size, or output filename in the PDF.co node.
- Save Location: Change the Google Drive folder where the final PDF is stored.
You can extend this workflow with:
- Slack or Email Notifications when a report is ready
- Automatic naming conventions (e.g., report-{{date}}-{{app_name}}.pdf)
- Saving reports into Airtable or Notion
- Multi-file batch scanning
- VirusTotal scan integration before generating the PDF
- Automated security scanning for every new build generated by CI/CD
- Pre-release vulnerability checks for client-delivered APKs
- Compliance documentation generation for internal security audits
- Bulk scanning of legacy APKs for modernization projects
- Creating professional PDF security reports for customers
(Many more use cases can be built using the same workflow foundation.)
| Issue | Possible Cause | Solution |
|---|---|---|
| MobSF API call fails | Wrong API key or URL | Check MobSF is running and API key is correct. |
| PDF not generated | Invalid HTML or PDF.co key | Validate HTML output and verify PDF.co credentials. |
| Workflow not triggering | Wrong Google Drive folder | Reconfigure Drive Trigger node with the correct folder ID. |
| APK upload fails | File not in binary mode | Ensure HTTP Upload node is using “Binary Data” correctly. |
| Scan returns empty data | MobSF not fully started | Wait for full MobSF startup logs before scanning. |
If you need assistance setting up this workflow, customizing it, or adding advanced features such as Slack alerts, CI/CD integration, or bulk scanning, the team at WeblineIndia can help. We specialize in building secure, scalable, automation-driven workflows on n8n for businesses of all sizes.
Contact us anytime for support or to build custom workflow automation solutions.