Static Code Review Process Overview

Apr 8, 2025

Static Code Review of MainActivity.kt

Overview

  • This activity involves performing a static code review on an Android app.
  • Focuses on identifying sensitive information in the source code.
  • Main source code file is named MainActivity.kt and is written in Kotlin.

Purpose of Static Code Review

  • Identify hardcoded sensitive information such as:
    • Usernames
    • Passwords
    • IP addresses
    • API keys
  • Such information should not be exposed within the app's source code to prevent unauthorized access.

Tools Required

  • Notepad++: A text editor used to view the source code.
  • Ensure Notepad++ is installed as per the setup guide.

Steps for Review

  1. Open Notepad++:
    • Close any initial pop-ups (like change logs).
  2. Open the Source Code:
    • Navigate to File > Open and select MainActivity.kt (located on the desktop or in the directory given in the setup guide).

Code Review Process

  • Scroll Through Code:
    • Look for sensitive information; understanding the complete program logic is not required.
    • Focus on string literals or lines that may expose secrets or other weaknesses.
  • Key Line Identified:
    • Line 60: Contains a hardcoded API key.
      • Importance of API Key:
        • Used for authenticating the app to a server.
        • Exposing it is a vulnerability: anyone who extracts the key from the app can use it to call the server as the app.
    • Recommendation:
      • API keys should be stored securely (e.g., encrypted) and decrypted only at runtime, never embedded as plain string literals in the source.
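Added here as an illustration (not part of the original notes or the course material): a small Python scanner that automates the scroll-through step above, flagging string literals assigned to secret-looking identifiers (API keys, passwords, usernames) and dotted-quad IP literals, and reporting the line number of each hit the way the review reports "line 60". The Kotlin source it scans is constructed for this example; it is not the activity's MainActivity.kt and every value in it is made up.

```python
import re
from dataclasses import dataclass

# Constructed sample resembling an Android activity in Kotlin.
# NOT the course's MainActivity.kt; all identifiers and values are invented.
SAMPLE_KOTLIN = """\
package com.example.demo

import android.os.Bundle

class MainActivity : AppCompatActivity() {
    private val serverHost = "10.0.2.15"
    private val apiKey = "AKIAEXAMPLEKEY1234567890"
    private val dbUser = "admin"
    private val dbPassword = "Sup3rS3cret!"

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        val client = ApiClient(serverHost, apiKey)
        val token = BuildConfig.API_TOKEN  // not a literal: not flagged
    }
}
"""


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line number, as a reviewer would report it
    kind: str      # category of sensitive information
    snippet: str   # the offending line, stripped of indentation


# Each rule pairs a category with a regex. The identifier-based rules match
# an assignment whose variable name suggests a secret AND whose right-hand
# side is a string literal, so values pulled from BuildConfig or a keystore
# at runtime are not reported. The IP rule matches quoted dotted quads.
RULES = [
    ("api key", re.compile(r'\b\w*(api_?key|secret|token)\w*\s*=\s*"[^"]+"', re.I)),
    ("password", re.compile(r'\b\w*(passw(or)?d|pwd)\w*\s*=\s*"[^"]+"', re.I)),
    ("username", re.compile(r'\b\w*(user(name)?|login)\w*\s*=\s*"[^"]+"', re.I)),
    ("ip address", re.compile(r'"(?:\d{1,3}\.){3}\d{1,3}"')),
]


def scan_source(source: str) -> list[Finding]:
    """Return one Finding per line that matches any rule (first rule wins)."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(lineno, kind, line.strip()))
                break  # one category per line is enough for triage
    return findings


def format_report(findings: list[Finding]) -> list[str]:
    """Render findings as 'line N: <kind> -> <snippet>' strings."""
    return [f"line {f.line}: {f.kind} -> {f.snippet}" for f in findings]


if __name__ == "__main__":
    for row in format_report(scan_source(SAMPLE_KOTLIN)):
        print(row)
```

Regex rules like these are a triage aid, not proof: they miss secrets split across concatenations or stored in resource files, and they flag test fixtures and placeholders, so every hit still needs the manual read described in the notes.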

Conclusion

  • Successfully performed static code analysis on a real Android app.
  • Recognizing and mitigating such vulnerabilities is an important part of app development.