interesting! security is normally dynamically analyzed and tested for during the processing of the distribution packages for both android and ios.

therefore with ado, it depends on the target platform tooling:

• build the package
• push it and poll until there are results
• poll the package store for the expected package version
• then control a device to install and update
• then run the security testing on the device
• rinse and repeat for non-development versions

exemplary tools — apart from the common ones by the app stores — to perform such actions (and which should be possible to integrate in your environment) should be available as free software in the f-droid¹ project and its tool-chain, therefore we'd suggest to start your journey to knowledge there.

free software is especially of benefit, as it puts very little restrictions in the use of software and field of endeavor, which may lead to better results and a higher, overall quality while striving to preserve it for all of its users.

¹ F-Droid - Free and Open Source Android App Repository; https://f-droid.org

For dynamic security analysis testing of mobile applications on Android and iOS platforms, you can integrate Azure DevOps with tools like Microsoft Defender for Endpoint, Veracode, Checkmarx, Micro Focus Fortify, or OWASP ZAP. These tools offer automated scanning and detection of vulnerabilities in mobile apps, enhancing security measures. Integrating them with Azure DevOps enables seamless testing within your development pipelines, ensuring robust security practices from the start.

Try NeuraLegion or Veracode for the security analysis.