13 Mobile Static Analysis Tools

A open source Static Application Security Testing tool (SAST) written in GoLang for Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C# and Javascript (Node.js).

Commercial Static Code Analysis.

A mobile app vulnerability scanner, designed for security researchers and bug bounty hackers. It also allows integrations into the DevOps process for businesses.

Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.

Run static analysis on Android projects.

Static taint analysis tool for Android applications.

iblessing is an iOS security exploiting toolkit. It can be used for reverse engineering, binary analysis and vulnerability mining.

A toolkit to detect some code smells in analyzed Android applications.

Tool to look for several security related Android application vulnerabilities.

Redex provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by Redex should be smaller and faster.

WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.

A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).

Commercial Static Code Analysis which doesn't require pre-compilation.