See our FAQ below. If you have a question that isn't addressed there, please email


No. We are very close to allowing users to directly upload APKs for analysis. This is a primary goal of ours, to allow developers to integrate NimbleDroid into their build process.
Yes, this feature will be added together with the upload APK feature. When uploading your apk file, click the "My app requires login with username and password" and fill in the requested information. NimbleDroid will automatically crawl your app's UI and fill the login information you provided at the right places to login. In the unlikely case, NimbleDroid may be unable to auto-login your app. Please don’t hesitate to contact us and we’ll figure out a fix.
Yes, absolutely. We keep track of each app by its package name, which is unique across apps.
It depends. If your app is not well optimized to start with and NimbleDroid has detected many performance issues, you can get significant speedup, in some cases, more than 40%.
Our current product is designed to profile non-game apps.
Yes, NimbleDroid can still detect performance issues in your app. One caveat is that you may not be able to optimize away these issues if they are problems of the app builder you use.


We support Android KitKat for now which is installed on over 39% of the Android devices. We plan to add more versions later. However, you don’t really have to care about the specific versions of Android we use that much because the performance issues we detect generally affect a large percentage of your users and exist for other versions of Android.
We currently use a Nexus 5 for profiling, and plan to add more devices later. However, you don’t really have to care that much about the device we use because the performance issues we detect generally exist for other devices.
It is straightforward to support more versions of Android. It just hasn’t reached our top priority yet.
We support wifi for now. We plan to add more network conditions later.

We use a heuristic to tell when an app finishes startup by detecting when (1) the main Activity has been displayed and (2) things like animated progress bars in the main Activity have stopped. Based on our experiments, this heuristic works in most cases.

To identify the main Activity, we run the app at least twice, wait for up to 30 seconds, and check the last Activity displayed. If this is consistent across multiple startups, it is designated the main Activity. Once identified, the app is started and measured multiple times, and the average is reported.

To allow even more precise results, we plan to add a feature to let you use logging to specify exactly when startup is done.

There are three different kinds of app startups:

  • First start, which occurs when a user runs your app for the first time after a fresh installation of your app. During the first start, Android or your app does some extra work, such as initializing SQLite.
  • Cold start, which occurs when a user runs your app after she hasn’t used your app for a while. If an app is not used for a while, Android typically removes the app from the cache to save memory. Cold start is generally the most typical case, and affects UX the most.
  • Warm start, which occurs when a user switches away from app then switch back. Your app is still in Android’s cache, so warm start is typically fast.

A hung method is one that runs/blocks the UI thread for longer than 32ms. In Android, the UI thread is the main thread of execution for your app, and the only thread that can update UI. If a method call runs for too long in the UI thread, your app won't be responsive to any user action during the call. In addition, users will notice a "lag"/"gap"/"stutter"/"choppiness"/"jitter" — to maintain a 60 frames-per-second refresh rate supported by today's most devices, your app must finish drawing each frame withing ~16ms. We chose 32ms as the threshold for flagging a hung method because it corresponds to two dropped frames. On average, humans can detect lag as short as 22ms, and a fourth of the population can perceive lag between 2ms and 16ms Among the apps we analyzed, we found hung methods that run for over a second! A hung method may be caused by many reasons such as network I/O, expensive computation, and lock contention.

A hot method is one that consumes a large percentage of CPU time. It can steal CPU time from the UI thread or background thread that are doing work on behalf of the UI thread, therefore making your app less responsive.

Unlike other profilers, NimbleDroid does automatic, in-depth performance diagnosis for you, including comparisons to other apps, version monitoring, auto-detection of performance issues, and sometimes auto-optimizations. NimbleDroid is also very easy to use -- simply upload your APK!

Automatic Optimization (This feature is coming soon)

We’ll unpack your apk, patch the DEX code to fix the performance issues we know how to fix, and repack everything into a new apk file for you to download.
Yes, absolutely! You’ll need to sign the apk (as usual) before submitting to Google Play.

Workflow and Integrations

We offer an open-source Gradle plugin which allows you to upload builds automatically from your CI server. Check out our CI integration help page for instructions on setting it up.

We will also offer a REST API in future offerings, Contact us if you want to know more.


We understand the security of your company's (pre-release) apps is extremely important. This page describes select measures we employ to ensure your apps are safe. If you have any questions, please don't hesitate to contact us.

  • Our website is hosted in ISO 27001 and FISMA certified data centers managed by Amazon Web Services
  • Physical access to data centers is strictly controlled both at the perimeter and at building ingress points
  • Data centers employ onsite security staff, video surveillance, and intrusion detection systems
  • Authorized staff must pass two-factor authentication a minimum of two times to access data center floors
  • Data centers are housed in nondescript facilities
  • Physical security verified by third-party auditorsFor more information see
  • Security policies and procedures, regularly reviewed as part of the Amazon Web Services SSAE 16 Type II audit process
  • Systems access logged and tracked for auditing purposes
  • Regular system patching processes to provide ongoing protection from exploits
  • Firewall to prohibit unauthorized system access
  • Intrusion detection systems to provide an additional layer of protection against unauthorized system access

All access to the NimbleDroid website is restricted to HTTPS encrypted connections. All apps are uploaded through HTTPS encrypted connections so that no one can eavesdrop on the network sockets. Once uploaded, apps are temporarily stored within the Amazon Simple Storage Service, part of the Amazon Web Services and subject to the same high security standards. Apps are deleted as soon as performance analysis succeeds to provide extremely high assurance for your company’s (pre-release) apps.

User passwords are secured with BCrypt (more specifically, 10 rounds of salted and peppered BCrypt). They are never stored in the database in plaintext and are not readable by staff. Passwords do provide access to the NimbleDroid website, however, and it is the responsibility of the end user to protect his password with care. NimbleDroid also offers and recommends optional OAuth2 login integration with Google for users who would like additional authentication security and convenience.

NimbleDroid never collects or stores passwords for external applications like Google and Slack. Integration with third-party apps is done via either OAuth or API keys.

When you purchase a paid NimbleDroid subscription, your credit card data is not transmitted through nor stored on our systems. Instead, we depend on Stripe, a company dedicated to this task. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe's security information is available online.

Your input and feedback on our security as well as responsible disclosure is always appreciated. If you have a security concern, please email us at