Abstract
APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. The OWASP MASVS (Mobile Application Security Verification Standard) is the industry standard for mobile app security. APKHunt is intended primarily for mobile app developers and security testers, but it can be used by anyone who wants to identify and address potential security vulnerabilities in their code.
With APKHunt, mobile software architects or developers can conduct thorough code reviews to ensure the security and integrity of their mobile applications, while security testers can use the tool to confirm the completeness and consistency of their test results. Whether you’re a developer looking to build secure apps or an infosec tester charged with ensuring their security, APKHunt can be an invaluable resource for your work.
Key features of APKHunt:
- Scan coverage: Covers most of the SAST (Static Application Security Testing) related test cases of the OWASP MASVS framework.
- Optimised scanning: Dedicated rules check for specific security sinks, so the scan is accurate in most cases.
- Low false-positive rate: Designed to pinpoint and highlight the exact location of potential vulnerabilities in the source code.
- Output format: Results are provided in a TXT file format for easy readability for end-users.
Current Limitation:
- Supported OS/Language: Capable of scanning the source code of an Android APK file; supported only on Linux environments.
Upcoming Features:
- Scanning of multiple APK files at the same time
- More output formats, such as HTML
- Integration with third-party tools