How APKDeepLens Scans Android Apps for OWASP Top 10 Vulnerabilities

APKDeepLens is a Python‑based tool that automatically scans Android APK files for security flaws, covering the OWASP Top 10 mobile risks and providing detailed, actionable reports for developers, pentesters, and security researchers.


Tool Introduction

APKDeepLens is a Python‑based utility designed to scan Android application packages (APK files) for security vulnerabilities. It focuses on the OWASP Top 10 mobile risks, offering developers, penetration testers, and security researchers a simple and effective way to assess an app’s security posture.

Features

APK analysis: scans APK files for security vulnerabilities.

OWASP coverage: includes all OWASP Top 10 mobile vulnerabilities.

Advanced detection: leverages custom Python code for deep analysis.

Sensitive information extraction: identifies insecure authentication keys, unsafe request protocols, and other risky data.

In‑depth analysis: detects unsafe data storage practices and highlights insecure request usage.

Intent‑filter vulnerability detection via AndroidManifest.xml analysis.

Local file vulnerability detection through error‑handling checks.

Report generation: produces detailed, easy‑to‑understand reports for each scan.

CI/CD integration: ready to embed in automated pipelines.

User‑friendly interface: color‑coded terminal output for clear result differentiation.
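To make the manifest and request-protocol checks above concrete, here is an added example of the kind of logic such a scanner applies. It is not APKDeepLens' own code: it parses an AndroidManifest.xml for components that other apps can reach (explicitly exported, or implicitly exported through an intent-filter under the pre-Android 12 default) and flags plain-http URLs in decompiled source. The manifest and source snippet are constructed for the demo.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "service", "receiver", "provider")

def find_exposed_components(manifest_xml: str) -> list:
    """Return components other apps can reach.
    Exposed = android:exported="true", or an <intent-filter> with no explicit
    android:exported="false" (the implicit-export rule before Android 12).
    """
    app = ET.fromstring(manifest_xml).find("application")
    findings = []
    for tag in COMPONENTS:
        for comp in ([] if app is None else app.iter(tag)):
            exported = comp.get(ANDROID_NS + "exported")
            has_filter = comp.find("intent-filter") is not None
            if exported == "true" or (exported is None and has_filter):
                findings.append({
                    "type": tag,
                    "name": comp.get(ANDROID_NS + "name", "?"),
                    "reason": "explicit exported" if exported == "true"
                              else "implicit via intent-filter",
                    # a permission attribute restricts who may invoke the component
                    "protected": comp.get(ANDROID_NS + "permission") is not None,
                })
    return findings

CLEARTEXT_URL = re.compile(r"http://[\w.\-]+(?:/[^\s\"']*)?")

def find_cleartext_urls(source: str) -> list:
    """Flag plain-http endpoints in decompiled source (unsafe request protocol)."""
    return sorted(set(CLEARTEXT_URL.findall(source)))

# Constructed sample inputs for the demo (not taken from a real app)
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
<application>
 <activity android:name=".MainActivity">
  <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter></activity>
 <activity android:name=".DeepLinkActivity" android:exported="true">
  <intent-filter><action android:name="android.intent.action.VIEW"/></intent-filter></activity>
 <service android:name=".SyncService" android:exported="false">
  <intent-filter><action android:name="com.example.SYNC"/></intent-filter></service>
 <receiver android:name=".BootReceiver" android:permission="com.example.PERM">
  <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter></receiver>
</application></manifest>"""
SAMPLE_SOURCE = 'String a = "http://api.example.com/v1/login"; String b = "https://api.example.com/";'

if __name__ == "__main__":
    print(find_exposed_components(SAMPLE_MANIFEST))
    print(find_cleartext_urls(SAMPLE_SOURCE))
```

The SyncService is not reported because it opts out with android:exported="false"; the receiver is reported but marked protected because a permission guards it.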

Installation

Ensure Python 3.8 or higher is installed, then run the following commands:

cd /APKDeepLens
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python APKDeepLens.py --help

Usage

To scan an APK file, execute:

python3 APKDeepLens.py -apk file.apk

For faster scanning with extracted source code, add the -source option:

python3 APKDeepLens.py -apk file.apk -source <source-code-path>

To generate detailed PDF and HTML reports after scanning, include the -report flag:

python3 APKDeepLens.py -apk file.apk -report
Written by

Software Development Quality

Discussions on software development quality, R&D efficiency, high availability, technical quality, quality systems, assurance, architecture design, tool platforms, test development, continuous delivery, continuous testing, etc. Contact me with any article questions.
