Facebook open-sources tool to find Android app security flaws

Facebook today open-sourced a static analysis tool its software and security engineers use internally to find potentially dangerous security and privacy flaws in the company's Android and Java applications.
"A flow from sources to sinks indicates that, for example, user passwords may get logged into a file, which is not desirable and is called an 'issue' under the context of Mariana Trench," Facebook Software Engineer Dominik Gabi said.
It's open source and designed to detect and prevent security bugs in #Android and #Java applications, more here: https://t.
Facebook Security, September 29, 2021

Third code analysis tool open-sourced since 2019
You can find the Mariana Trench code analysis tool on GitHub and its own dedicated website, a binary distribution on PyPI, and a short tutorial to help get started.
"While server-side code can be updated almost instantaneously for web apps, mitigating a security bug in an Android application relies on each user updating the application on the device they own in a timely way."