Mobile

The Best Mobile Static Analysis Tools (Linters/Formatters)

We rank 15 Mobile linters, code analyzers, formatters, and more. Find and compare tools like SAST Online, Checkmarx CxSAST, Offensive 360, and more. Please rate and review tools that you've used. This helps others find the best tools for their projects.

7 Mobile Tools

qark

Tool to look for several security related Android application vulnerabilities.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter
  • 100% upvoted

Android Lint

Run static analysis on Android projects.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 0% upvoted

android-lint-summary

Combines lint errors of multiple projects into one output, check lint results of multiple sub-projects at once.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter
  • 0% upvoted

FlowDroid

Static taint analysis tool for Android applications.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 0% upvoted

Mariana Trench

Our security focused static analysis tool for Android and Java applications. Mariana Trench analyzes Dalvik bytecode and is built to run fast on large codebases (10s of millions of lines of code). It can find vulnerabilities as code changes, before it ever lands in your repository.

  • MaintainedMaintained
  • MaintainedJava
  • Maintainedcli
  • Maintainedlinter
  • 0% upvoted

paprika

A toolkit to detect some code smells in analyzed Android applications.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter
  • 0% upvoted

redex

Redex provides a framework for reading, writing, and analyzing .dex files, and a set of optimization passes that use this framework to improve the bytecode. An APK optimized by Redex should be smaller and faster.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 50% upvoted

8 Multi-Language Tools

SAST Online

Check the Android Source code thoroughly to uncover and address potential security concerns and vulnerabilities. Static application security testing (Static Code Analysis) tool Online

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 93% upvoted

Checkmarx CxSAST

Commercial Static Code Analysis which doesn't require pre-compilation.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 56% upvoted

Offensive 360

Sponsor

Commercial Static Code Analysis system doesn't require building the source code or pre-compilation.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 86% upvoted

Oversecured

Enterprise vulnerability scanner for Android and iOS apps. It allows app owners and developers to secure each new version of a mobile app by integrating Oversecured into the development process.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 100% upvoted

Synopsys

A commercial static analysis platform that allows for scanning of multiple languages (C/C++, Android, C#, Java, JS, PHP, Python, Node.JS, Ruby, Fortran, and Swift).

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 75% upvoted

WhiteHat Application Security Platform

WhiteHat Scout (for Developers) combined with WhiteHat Sentinel Source (for Operations) supporting WhiteHat Top 40 and OWASP Top 10.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 100% upvoted

iblessing

iblessing is an iOS security exploiting toolkit. It can be used for reverse engineering, binary analysis and vulnerability mining.

  • DeprecatedDeprecated
  • DeprecatedMulti-Language
  • Deprecatedcli
  • Deprecatedlinter
  • 0% upvoted

HCL AppScan Source

Commercial Static Code Analysis.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 44% upvoted

Frequently Asked Questions

What are Mobile tools?

A mobile app or mobile application is a computer program or software application designed to run on a mobile device such as a phone, tablet, or watch. Mobile applications often stand in contrast to desktop applications which run on desktop computers, and with web applications which run in mobile web browsers rather than directly on the mobile device.

What are the best Mobile static analysis tools and linters?

The most popular Mobile tools ranked by user votes are: SAST Online, Checkmarx CxSAST, Offensive 360, Oversecured, Synopsys.

Which Mobile tools are free to use?

Tools with a free plan include SAST Online. On top of that, there are also a number of open source like SAST Online, qark, Android Lint, android-lint-summary, FlowDroid, iblessing, Mariana Trench, paprika, redex.

Our Sponsors

This website is completely open source. To fund our work, we fully rely on sponsors. Thanks to them, we can keep the site free for everybody. Please check out their offers below.

  • Bearer
  • BugProve
  • Pixee
  • CodeScene
  • semgrep
  • Offensive 360