Static analysis for quality mobile applications
Improving software quality is a continual goal for developers. Static analysis is an easy technique to employ throughout the lifecycle. Mobile developers must be aware of the way different devices can exploit missing or malformed resources. The MOTODEV team has created a free Eclipse-based static analysis tool that can be updated quickly each time a new Android platform is released and can be customized by third parties to create their own validation sequences.
The objective was to have a tool that could be easily customized to detect and address issues that Android developers face, such as detecting unnecessary permissions in the application manifest or missing images in resource folders. We required a tool with both GUI support and command line access that could be integrated into scriptable environments. Further, it needed to be capable of analyzing both projects and applications.
Eclipse was clearly the ideal platform to achieve our technical objectives due to its’ extension capabilities. The analysis tool itself provides a framework and an initial set of static tests along with extension points so that new validation sequences can be created as Eclipse plugins. Source code and binary packages of the application being tested are read into a data model and are made available to all validators. This architecture can be leveraged to support mobile platforms other than Android.
During the session we will discuss technical decisions that we had to make so other community members can learn from our experience. We will demonstrate the tool and show how to write a quick extension to add custom functionality in Eclipse.