The following table lists the Android security scanning approaches and tools:

| Scanning approach | Automated tools | Description |
| --- | --- | --- |
| Secure code scanning | Fireline | Static Java source code scanning. It's a lightweight secure code scanning tool, but it may require the Java source and reverse engineering of the APK. |
| Privacy and sensitive information scan | Androwarn | Focuses on privacy and sensitive information scanning of any given APK. It performs static analysis of the application's Dalvik bytecode, represented as Smali, for PII and sensitive information leakage or exfiltration, such as telephony identifiers, geolocation information leakage, audio/video flow interception, and so on. |
| Lightweight all-in-one APK security scanning | QARK (Quick Android Review Kit) | A Python program that automatically performs security scanning of any given APK. |
| All-in-one security scanning | Mobile Security Framework (MobSF) | MobSF is similar to QARK. In addition, MobSF supports Android, Windows, and iOS applications. It performs not only static security analysis but also dynamic runtime behavior analysis. |