NimbleApp can accept user credentials for your app when you do your initial upload, and will use those to auto-login to your app. Default fields are username/email and password. We also support adding custom login key/value pairs.
You can add or update credentials at any time by clicking the Settings icon, then the App Data section.
We use a heuristic to tell when an app finishes startup by detecting when (1) the main Activity has been displayed and (2) things like animated progress bars in the main Activity have stopped. Based on our experiments, this heuristic works in most cases.
To identify the main Activity, we run the app at least twice, wait for up to 30 seconds, and check the last Activity displayed. If this is consistent across multiple startups, it is designated the main Activity. Once identified, the app is started and measured multiple times, and the average is reported.
We also support customizing where startup measurement ends, for more details see our API Documentation
There are three different kinds of app startups:
A hung method is one that runs/blocks the UI thread for longer than 32ms. In Android, the UI thread is the main thread of execution for your app, and the only thread that can update UI. If a method call runs for too long in the UI thread, your app won't be responsive to any user action during the call. In addition, users will notice a "lag"/"gap"/"stutter"/"choppiness"/"jitter" — to maintain a 60 frames-per-second refresh rate supported by today's most devices, your app must finish drawing each frame withing ~16ms. We chose 32ms as the threshold for flagging a hung method because it corresponds to two dropped frames. On average, humans can detect lag as short as 22ms, and a fourth of the population can perceive lag between 2ms and 16ms Among the apps we analyzed we’ve found hung methods that run for over a second! A hung method may be caused by many reasons such as network I/O, expensive computation, and lock contention.
A hot method is one that consumes a large percentage of CPU time across all its invocations. It can steal CPU time from the UI thread or background thread that are doing work on behalf of the UI thread, therefore making your app less responsive.
Unlike other profilers, NimbleApp can integrate with your Continuous Integration process. NimbleApp analyzes your APK and reports back on issues like crashes, performance bottlenecks, and more. Even when you're working on something else, our automated Alerts will tell you when something has gone wrong with a build. And our platform allows multiple team members to collaborate on the same application.
We offer an open-source Gradle plugin which allows you to upload builds automatically from your CI server. Check out our CI integration help page for instructions on setting it up.
We will also offer a REST API in future offerings, Contact us if you want to know more.
We understand the security of your company's pre-release apps is extremely important. This page describes some of the measures we employ to ensure your apps are safe. If you have any questions, please don't hesitate to contact us.
All access to the NimbleApp website is restricted to HTTPS encrypted connections. All apps are uploaded through HTTPS encrypted connections so that no one can eavesdrop on the network sockets. Once uploaded, apps are temporarily stored within the Amazon Simple Storage Service, part of the Amazon Web Services and subject to the same high security standards. Apps are deleted as soon as performance analysis succeeds.
User passwords are secured with BCrypt (more specifically, 10 rounds of salted and peppered BCrypt). They are never stored in the database in plaintext and are not readable by staff. Passwords do provide access to the NimbleApp website, however, and it is the responsibility of the end user to protect his password with care. NimbleApp also offers and recommends optional OAuth2 login integration with Google for users who would like additional authentication security and convenience.
NimbleApp never collects or stores passwords for external applications like Google and Slack. Integration with third-party apps is done via either OAuth or API keys.
Your input and feedback on our security as well as responsible disclosure is always appreciated. If you have a security concern, please email us at firstname.lastname@example.org.