We leverage CogniCrypt to analyze for cryptographic API misuse in third party libraries. All found missuses are stored in our database, and for API usages of such library (versions) inside your Android code will be examined against such misuses.
1. Up2Dep checks your dependencies and warns you against using outdated dep
2. You can navigate to the usage of the insecure API that misuses cryptographic API. In this example the method: GifResourceDecoder.decode(InputStream source, int width, int height) uses SHA1 algorithm for MessageDiget which is considered insecure.
3. You can hover the mouse over the insecure API (in red) to get more information regarding the crypto misuse of such API.
Version 2.0.2 is now available with bug fixes due to API changes in Android Studio 3.3, you can download it here or go to Usage to see how it works, more info about new features here.
Version 2.0.1 is now available that is compatible with Android Studio 3.3, you can download it here or go to Usage to see how it works, more info about new features here.
Version 2.0.0 is now available with Insecure API usages inspection, you can download it here or go to Usage to see how it works, more info about new features here.
Version 1.0.1 is now available with support for Android 3.2.
Version 1.0.0 is now available with performance improved; Kotlin language support; more libraries (now 1,521 libraries in total).
Version 0.1.0 is now available on Android Studio plugin's repository. Up2Dep now includes vulnerable (insecure) library versions check. Furthermore, this version includes additionally 349 Android libraries (2877 versions) into the existing database.
Version 0.0.2 is now available on Android Studio plugin's repository.
We have fixed a performance bug which duplicates the local sqlite file hence incurs unneccessary local space. We have updated Up2Dep with version 0.0.2 to JetBrains plugin's repository. Please wait for 1 or 2 days until it is available before trying out. Thanks to Martin for the bug report.