
apk-hunt

apk-hunt is a static code analysis tool for Android APK files, built on the APKHunt scanner and run inside Canva's automated security workflows. It checks an application against the OWASP MASVS (Mobile Application Security Verification Standard) and reports the findings, so teams can identify weaknesses early in the development lifecycle rather than at release.

Ideal Use Cases & Fit

The tool is suited to any scenario that calls for static analysis of Android applications, for example:

  • Pre-release security assessments of mobile applications
  • Continuous integration pipelines that require automated security checks
  • Compliance verification with industry standards, such as the OWASP MASVS

apk-hunt accepts several APKs in a single run, which suits teams that review many builds or variants at once. It performs static analysis only: it does not install or exercise the application, so it is not a substitute for dynamic testing. Scan time grows with the number and size of the APKs supplied, so it may not fit pipelines with strict execution time limits.

Value in Workflows

Integrating apk-hunt into a security workflow lets teams catch potential vulnerabilities while the application is still in development. It belongs early in a review, where static findings can direct the manual testing and remediation that follow. Automating the APK analysis shortens the security review and lets releases proceed without skipping the check.

Input Data

The tool takes a single required input, target, containing comma-separated paths to the APK files to scan. Each input must adhere to the following specifications:

  • Format: Comma-separated APK file paths
  • Function: target
  • Required: true
  • Example: /path/to/app1.apk,/path/to/app2.apk,/path/to/app3.apk
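Because the target value is a flat comma-separated string, a workflow step should split it carefully (trailing commas, stray whitespace, repeated paths) and confirm that each path really is an APK before passing it to the scanner, so a typo or a non-APK artifact fails fast instead of producing an empty or misleading report. The following is an added example, not part of apk-hunt or APKHunt; the function names are this example's own, and the sample APKs are constructed in a temporary directory (an APK is a ZIP archive carrying AndroidManifest.xml and a classes.dex, which is all the check relies on).

```python
"""Validate a comma-separated `target` value before handing APKs to a scanner.

Added example (not apk-hunt's own code). The sample files are constructed
inline so the check runs offline; only the ZIP layout of a real APK is assumed.
"""
import os
import tempfile
import zipfile


def parse_targets(value: str) -> list[str]:
    """Split the `target` string into cleaned, de-duplicated paths.

    Surrounding whitespace is stripped, blank entries (a trailing or doubled
    comma) are dropped, `~` is expanded, and order is preserved. Existence is
    checked later by is_apk(), not here.
    """
    seen: set[str] = set()
    paths: list[str] = []
    for item in value.split(","):
        path = os.path.expanduser(item.strip())
        if not path or path in seen:
            continue
        seen.add(path)
        paths.append(path)
    return paths


def is_apk(path: str) -> tuple[bool, str]:
    """Return (ok, reason) for one candidate path.

    An APK is a ZIP archive containing AndroidManifest.xml and at least one
    .dex file; anything else is refused before the scanner is invoked.
    """
    if not os.path.isfile(path):
        return False, "not a regular file"
    if not zipfile.is_zipfile(path):
        return False, "not a ZIP archive"
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile as exc:
        return False, f"corrupt archive: {exc}"
    if "AndroidManifest.xml" not in names:
        return False, "missing AndroidManifest.xml"
    if not any(name.endswith(".dex") for name in names):
        return False, "no .dex entry"
    return True, "ok"


def validate_targets(value: str) -> tuple[list[str], dict[str, str]]:
    """Split and check a `target` string; return (accepted paths, rejected path -> reason)."""
    accepted: list[str] = []
    rejected: dict[str, str] = {}
    for path in parse_targets(value):
        ok, reason = is_apk(path)
        if ok:
            accepted.append(path)
        else:
            rejected[path] = reason
    return accepted, rejected


def build_sample_inputs(directory: str) -> dict[str, str]:
    """Write constructed sample files into `directory` and return their paths.

    'good' is a minimal APK-shaped ZIP; 'no_manifest' is a ZIP without
    AndroidManifest.xml; 'junk' is a text file renamed to .apk.
    """
    good = os.path.join(directory, "app-release.apk")
    with zipfile.ZipFile(good, "w") as zf:
        zf.writestr("AndroidManifest.xml", "<manifest package='com.example.app'/>")
        zf.writestr("classes.dex", b"dex\n035\0")  # constructed placeholder bytes
    no_manifest = os.path.join(directory, "no-manifest.apk")
    with zipfile.ZipFile(no_manifest, "w") as zf:
        zf.writestr("classes.dex", b"dex\n035\0")
    junk = os.path.join(directory, "junk.apk")
    with open(junk, "w", encoding="utf-8") as fh:
        fh.write("this is not an archive\n")
    return {"good": good, "no_manifest": no_manifest, "junk": junk}


def demo() -> dict[str, object]:
    """Build the samples, validate a deliberately messy target string, and
    return basenames so the result is independent of the temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        p = build_sample_inputs(tmp)
        target = f" {p['good']}, {p['no_manifest']},{p['junk']},,{p['good']} "
        accepted, rejected = validate_targets(target)
        return {
            "accepted": [os.path.basename(a) for a in accepted],
            "rejected": {os.path.basename(r): why for r, why in rejected.items()},
        }


if __name__ == "__main__":
    print(demo())
```

The accepted list is what a workflow step would pass on to the scanner; surfacing the rejected map as a step output makes a mistyped or truncated path visible in the run instead of silently shortening the scan.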

Configuration

Key configurable parameters include:

  • raw:
    When true, emits the APKHunt report exactly as the scanner produced it, without parsing it into JSON. Defaults to false, so the output is the parsed JSON.

Leave raw at its default when downstream steps consume structured findings; set it to true when the report is meant for human review or archiving, or to inspect scanner output that the JSON parser did not surface.