Facebook’s open source tool for finding security holes in Android apps

Sameer Khan
2 min read · Oct 3, 2021


Hey guys, in this article I will walk you through Facebook's open source tool for finding security holes in Android apps.


Facebook has released a static analysis tool that its software and security engineers use internally to find potentially dangerous security and privacy holes in the company's Android and Java applications.

This security-focused tool, called Mariana Trench (MT), can scan large codebases of tens of millions of lines of code and flag vulnerabilities before they are merged into the codebase.

Facebook revealed that its engineers found more than 50% of all security bugs in the company’s applications using automated tools similar to Mariana Trench.

How does it work?

Mariana Trench works by analyzing the flow of information from "sources" (confidential user data such as passwords or locations) to "sinks" (functions or methods that consume that data).

Mariana Trench is specifically designed to automatically detect those source-to-sink flows that, in most cases, could lead to serious privacy and security issues.

“By default, Mariana Trench parses the Dalvik bytecode and can work with or without access to the source code,” explains Facebook on the tool’s documentation website.

"A flow from sources to sinks indicates that, for example, user passwords can be recorded in a file, which is undesirable and is referred to as a 'problem' in the context of the Mariana Trench," said Facebook software engineer Dominik Gabi.

Developers and engineers can point the tool at specific security and privacy issues by tuning it: adding new rules (which source kinds must not reach which sink kinds) and new model generators (which methods count as sources and sinks) to cover the areas where sensitive data should not end up.
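To make the source/sink/rule idea concrete, here is an added toy taint analysis (constructed for this article, not Mariana Trench's engine or its configuration format) over a straight-line program. The method names, taint kinds and rules are all made up; the point is that an issue is only reported when a rule pairs the source kind that reaches a sink with that sink's kind, so the same password flowing into a plain log call is not flagged here because no rule covers it.

```python
# Toy source-to-sink taint tracking in the spirit of Mariana Trench.
# Everything below (method names, kinds, rules) is a constructed example.

# A rule pairs source kinds with sink kinds; a flow between them is a "problem".
RULES = [
    {"name": "Credential written to file", "sources": {"Credential"}, "sinks": {"FileWrite"}},
    {"name": "Location leaves the device", "sources": {"Location"}, "sinks": {"Network"}},
]
# Models: which methods produce tainted data and which methods consume it.
SOURCE_MODELS = {"getPassword": "Credential", "getLastLocation": "Location"}
SINK_MODELS = {"writeToFile": "FileWrite", "sendRequest": "Network", "Log.d": "Logging"}


def analyze(program):
    """program: list of (dest, callee, args) statements in straight-line code.
    Tracks which source kinds each variable carries and returns the rule hits
    as (rule name, sorted source kinds, sink method) tuples."""
    taint = {}   # variable -> set of source kinds that flow into it
    issues = []
    for dest, callee, args in program:
        incoming = set()
        for arg in args:                       # taint flows through arguments
            incoming |= taint.get(arg, set())
        if callee in SOURCE_MODELS:            # the callee itself is a source
            incoming.add(SOURCE_MODELS[callee])
        sink_kind = SINK_MODELS.get(callee)
        if sink_kind:                          # check every rule at a sink
            for rule in RULES:
                hit = incoming & rule["sources"]
                if hit and sink_kind in rule["sinks"]:
                    issues.append((rule["name"], sorted(hit), callee))
        if dest is not None:                   # taint propagates via the result
            taint[dest] = incoming
    return issues


# Constructed program: a password is logged and written to a file,
# and the device location is sent over the network.
SAMPLE = [
    ("pw", "getPassword", []),
    ("msg", "concat", ["prefix", "pw"]),     # msg now carries Credential
    (None, "Log.d", ["tag", "msg"]),         # Logging sink, no rule: not reported
    (None, "writeToFile", ["path", "msg"]),  # Credential -> FileWrite: reported
    ("loc", "getLastLocation", []),
    (None, "sendRequest", ["url", "loc"]),   # Location -> Network: reported
]

if __name__ == "__main__":
    for issue in analyze(SAMPLE):
        print(issue)
```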
