performing-android-app-static-analysis-with-mobsf
Installation
SKILL.md
Performing Android App Static Analysis with MobSF
When to Use
Use this skill when:
- Conducting security assessment of Android APK or AAB files before production release
- Integrating automated mobile security scanning into CI/CD pipelines
- Performing initial triage of Android applications during penetration testing engagements
- Reviewing third-party Android applications for supply chain security risks
Do not use this skill as a replacement for manual code review or dynamic analysis -- MobSF static analysis catches pattern-based vulnerabilities but misses runtime logic flaws.
Prerequisites
- MobSF v4.x installed via Docker (
docker pull opensecurity/mobile-security-framework-mobsf) or local setup - Target Android APK, AAB, or source code ZIP
- Python 3.10+ for MobSF REST API integration
- JADX decompiler (bundled with MobSF) for Java/Kotlin source recovery
- Network access to MobSF web interface (default: http://localhost:8000)