Is Android Security Analyzer free?

Yes, Android Security Analyzer is free to use.

How do I install Android Security Analyzer?

Android Security Analyzer supports both local and remote installation. For local use, install it via the provided package manager and add the configuration to your AI app. For remote access, add the server URL to your MCP configuration.

What AI apps work with Android Security Analyzer?

Android Security Analyzer uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Android Security Analyzer

by User

SecurityModerate5.2LocalRemoteNew

Free

MCP server for static security analysis of Android application source code.

About

Analyzes Android project source files — without building the project — and returns a structured security report. The analysis covers: * Manifest analysis — exported components, dangerous permissions, cleartext traffic, debug flags, backup settings, SDK versions * Gradle/build config — release build misconfigurations, outdated SDKs, suspicious dependencies, hardcoded secrets * Source code (Java/Kotlin) — insecure WebView, SSL/TLS bypass, weak crypto, SQL injection patterns, process execution, insecure file storage, PendingIntent issues * XML configuration — network security config weaknesses, overly broad file provider paths * Secret scanning — API keys, tokens, passwords, private keys, cloud credentials, high-entropy strings

All analysis is regex/pattern-based and runs natively in the Workers runtime with no external tools, Java, or Android SDK required.

Getting Started

Once installed, try these example prompts and explore these capabilities:

1The server is hosted; no install or API keys are required.
21. Add the server to your MCP client
3Use this URL in your MCP configuration (Cursor, Cline, or any Streamable HTTP client):
4https://android-security-analyzer.ako-labs.workers.dev/mcp
52. Example config (JSON)
6{
7"mcpServers": {
8"android-security-analyzer": {
9"url": "https://android-security-analyzer.ako-labs.workers.dev/mcp"
10}
11}
12}
133. Use the tools
14After the client connects, you can:
15* analyze_android_project — run a full security scan by passing project files (manifest, Gradle, Java/Kotlin, XML). No build or Android SDK needed.
16* list_android_security_checks — list all security rules.
17* explain_finding — get a detailed explanation for a rule ID.
18Ask your AI assistant to analyze an Android project or explain a finding; it will call these tools as needed.

How to Install & Connect

Available as Local & Remote

This plugin can run on your machine or connect to a hosted endpoint. during install.

Security Report

5.2

Moderate5.2Moderate Risk

This is a well-architected Android security analyzer MCP server with proper input validation, clean code structure, and appropriate permissions for its purpose. A few minor code quality issues were identified but do not pose security risks. Supply chain analysis found 3 known vulnerabilities in dependencies (1 critical, 1 high severity).

Scanned 6 files · 5 findings

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

Reviews

No reviews yet

Be the first to review this server!