Suggested Android security testing tools and approach

The following table lists Android security scanning approaches and tools:

| Scanning approach | Automated tools | Description |
| --- | --- | --- |
| Secure code scanning | Fireline | Static Java source code scanning. It's a lightweight secure code scanning tool, but it may require the Java source and reverse engineering of the APK. |
| Privacy and sensitive information scan | Androwarn | Focused on privacy and sensitive information scanning of any given APK. It performs static analysis of the application's Dalvik bytecode, represented as Smali, to detect PII and sensitive information leakage or exfiltration, such as telephony identifiers, geolocation information leakage, audio/video flow interception, and so on. |
| Lightweight all-in-one APK security scanning | QARK (Quick Android Review Kit) | A Python program that automatically performs security scanning of any given APK. |
| All-in-one security scanning | Mobile Security Framework (MobSF) | MobSF is similar to QARK. In addition, MobSF supports Android, Windows, and iOS applications. It performs not only static security analysis but also dynamic runtime behavior analysis. |
