Secure Coding Checker for Android Apps

Khemry Khourn
Published in The Web Tub
Apr 5, 2018

Mobile application security has become increasingly important for both mobile users and mobile app developers. For developers specifically, securing your app increases the chance of it being accepted into the market and of it passing Google Play Protect.

For this reason, Monaca has started a cooperation with Sony Digital Network Applications, Inc. to provide a vulnerability assessment tool for Android applications called Secure Coding Checker. This tool checks for security vulnerabilities and provides remediation guidance for the issues it finds.

Why use Secure Coding Checker?


Secure Coding Checker complies 100% with the Android Application Secure Design/Secure Coding Guidebook issued by the Japan Smartphone Security Association (JSSEC). The guidebook is the de facto standard for the security of Android applications and has been regularly updated since its initial release in June 2012. Accordingly, we regularly update Secure Coding Checker to keep it current with the latest developments in Android security.

The latest version of the book (at the time of writing this story) is the February 1, 2017 Edition, covering 471 pages of Android security content. Reading all of it and making the right decisions for your own app is a time-consuming task. Moreover, it is difficult to perform appropriate security checks on third-party Cordova plugins (if they are used within the application).

With Secure Coding Checker, all of these efforts can be reduced significantly and proper assessment can be done far more easily.

Checking your app’s security right after the build is completed

If you are developing your app with Monaca, you will be able to perform this secure coding checker functionality right after your build is completed.

Monaca is a cross-platform hybrid mobile app development platform which provides various cloud services and tools such as Cloud IDE (a browser-based IDE), Localkit and CLI. Monaca also comes with the Monaca Debugger app, which is used to test your app on the fly in real time without building it every time.

1. Assuming that the Android build is successfully completed, click on Use Secure Coding Checker.

Build window after a successful build for Android

2. Read the notice from Secure Coding Checker and click Start.

3. The checking duration depends on the size of your app. Once the inspection is completed, the result page will appear. The result page looks like this:

Check Result

Currently, Monaca only provides a trial-level inspection with Secure Coding Checker. When testing your apk file with the trial version, the following inspection items can be confirmed:

Inspection results for the trial version of Secure Coding Checker

Conclusion

Even though only the trial version of Secure Coding Checker is available from Monaca at the moment, the inspection items provided in this version are already useful and important enough to help increase your Android app’s security level significantly.

The fully paid version will be added in the future if more Monaca users use this feature.

Thanks for your time reading this story and hope you find it useful!