Facebook launches an Android-focused static analysis tool

Oct 02, 2021 | Shaoni Ghosh


The Launch

Mariana Trench, an Android-focused static analysis tool that Facebook uses to identify and eliminate security and privacy issues at scale in apps built for the mobile OS, was open-sourced on Wednesday.

The Menlo Park-based social tech giant stated that Mariana Trench is designed to analyze very large mobile codebases and to detect possible vulnerabilities on pull requests before the changes go into production.

Developers can use the tool to write rules describing data flows of interest, which the analysis then traces through the codebase to find vulnerabilities. Such rules might cover intent redirection issues, which could allow attackers to inject arbitrary code, or injection vulnerabilities that could let them leak sensitive information.
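As an added illustration, not part of the article and not the project's own shipped configuration: the two pieces a Mariana Trench user writes to express a rule such as the intent redirection case above. The JSON layout follows the project's documented rules and model-generator formats; the file names, the kind names `IntentData` and `LaunchingComponent`, and the matched method names are assumptions chosen for this example.

```jsonc
// model_generators.json (assumed name): tells the analysis where tainted data
// enters and where it is consumed, by tagging methods with source/sink "kinds".
{
  "model_generators": [
    {
      // Assumption: treat the Intent returned by Activity.getIntent() as
      // attacker-influenced, since any app can send an Intent to an exported Activity.
      "find": "methods",
      "where": [
        { "constraint": "name", "pattern": "getIntent" },
        { "constraint": "parent",
          "inner": { "constraint": "name", "pattern": "Landroid/app/Activity;" } }
      ],
      "model": { "sources": [ { "kind": "IntentData", "port": "Return" } ] }
    },
    {
      // Assumption: the Intent handed to Context.startActivity(Intent) is a sink.
      // Argument(0) is the receiver, so the Intent parameter is Argument(1).
      "find": "methods",
      "where": [
        { "constraint": "name", "pattern": "startActivity" },
        { "constraint": "parent",
          "inner": { "constraint": "name", "pattern": "Landroid/content/Context;" } }
      ],
      "model": { "sinks": [ { "kind": "LaunchingComponent", "port": "Argument(1)" } ] }
    }
  ]
}

// rules.json (assumed name): a rule fires when a source kind reaches a sink kind;
// matching flows are what gets reported on the pull request.
[
  {
    "name": "Intent redirection",
    "code": 1,
    "description": "An incoming Intent flows into a call that launches another component",
    "sources": [ "IntentData" ],
    "sinks": [ "LaunchingComponent" ]
  }
]
```

The analysis is interprocedural, so the flow is reported even when the Intent passes through helper methods between the source and the sink.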

Data flows that violate the rules are reported to a security engineer or to the developer who submitted the pull request containing the changes.

According to TheHackerNews, over half of the vulnerabilities reported across Facebook, Instagram, and WhatsApp were discovered using automated methods. Mariana Trench is the third security tool Facebook has open-sourced, after Zoncolan and Pysa, which target the Hack and Python programming languages respectively.

In 2019, Microsoft-owned GitHub bought Semmle and established a Security Lab with the goal of securing open-source software, as well as making semantic code analysis tools like CodeQL openly available to detect vulnerabilities in publicly available code.

The company stated that mobile applications require distinct techniques, because patching and ensuring the uptake of code changes work differently for mobile and web applications.

While server-side code for web applications may be updated almost instantly, resolving a security issue in an Android app requires each user to update the application on their own device as quickly as possible.

This highlights the importance of any app developer putting systems in place to prevent vulnerabilities from making it into mobile versions.

Mariana Trench is available on GitHub, and Facebook has also provided a Python package on PyPI.
