Facebook open-sources tool to find Android app security flaws
Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications.
"A flow from sources to sinks indicates that for example user passwords may get logged into a file, which is not desirable and is called an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.
"It's open source and designed to detect and prevent security bugs in #Android and #Java applications, more here: https://t." (Facebook Security, September 29, 2021)
Third code analysis tool open-sourced since 2019.
You can find the Mariana Trench code analysis tool on GitHub and its own dedicated website, a binary distribution on PyPI, and a short tutorial to help get started.
"While server-side code can be updated almost instantaneously for web apps, mitigating a security bug in an Android application relies on each user updating the application on the device they own in a timely way."