Choosing the Weapon: A Comparative Study of Security Analyzers for Android Applications

This study compares security focused static code analyzers for Android applications. Android operated hand-held devices (e.g., smart phones, tablets) are used in the modern computing world for nearly every need. Banking, email, health care, and other sensitive dealings are completed through the Android applications. Hence, Android application security must be held to the same level of scrutiny as traditional application security. This study compares two open-source security analyzers, MobSF and MARA, against two benchmark datasets and 20 live Android applications. We highlight the strengths and weaknesses of each analyzer and reveal security vulnerabilities found in the Android applications.