A mobile application automated security testing platform is used to test the security of Android applications and verify whether they comply with security standards. The platform performs component analysis on an application installed on an Android system, determines the attack surface from the application's exposed components, carries out a penetration test, and digs deeply for vulnerabilities in the application. Test coverage includes authentication bypass testing, SQL injection testing, insecure data storage, file system reads, and the like. Testing does not require root permission on the mobile phone terminal, and the platform interacts with other applications and the operating system on the terminal as an ordinary Android application. Unlike automated scanning tools in the web field, this is an interactive security testing platform: the user only needs to enter a command on their workstation (PC terminal), and the command is transferred over a port connection to a proxy program on the Android device and executed there, completing the whole security test.
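The component analysis step described above can be illustrated by auditing a decoded `AndroidManifest.xml` for components reachable by other applications. This is an added example, not code from the platform described here; the function names and the sample manifest are constructed, and it assumes the pre-Android 12 default in which a component with an intent filter is exported when `android:exported` is omitted.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (not from any real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.sample.SYNC"/>
    <receiver android:name=".PushReceiver" android:exported="true"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="com.example.sample.notes"/>
  </application>
</manifest>"""


def exposed_components(manifest_xml):
    """Return (tag, name, permission) for every component other apps can reach."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return []
    app_perm = app.get(ANDROID + "permission")  # default for all components
    found = []
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported = comp.get(ANDROID + "exported")
        if exported is None:
            # Assumption: pre-Android 12 default, where a component with an
            # intent filter is exported unless the attribute says otherwise.
            exported = "true" if comp.find("intent-filter") is not None else "false"
        if exported.lower() != "true":
            continue
        perm = comp.get(ANDROID + "permission") or app_perm
        found.append((comp.tag, comp.get(ANDROID + "name"), perm))
    return found


def unprotected(manifest_xml):
    """Exported components with no permission requirement: review these first."""
    return [(t, n) for t, n, p in exposed_components(manifest_xml) if p is None]
```

Exported components without a permission are the ones a developer should either mark `android:exported="false"` or guard with a signature-level permission.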