It's common practice to perform security checks before every Android application release. However, it can be a challenge for frequent and an increasing number of releases. The automated security testing process for an Android mobile application requires the submission of APK (Android Application Package) binaries, reversing the APK for secure source code inspection, manifesting a configuration check, and generating a testing result. We will also introduce mobile security-related practices, such as OWASP (Open Web Application Security Project) mobile security testing, and Android secure coding practices.

The following topics will be covered in this chapter:

• Android security review best practices
• Secure source code review patterns for Android
• Privacy and sensitive information review
• General process of APK security analysis
• Static secure code scanning with QARK
• Automated security scanning with MobSF