Advancements in Developer-Focused IDE-Integrated Mobile App Security Scanning and Testing Tools

Authors

  • Franck Monga Tamala, University of Johannesburg
  • Noluntu Mpekoa, University of Johannesburg, https://orcid.org/0000-0001-5201-0786
  • Khutso Lebea, University of Johannesburg

DOI:

https://doi.org/10.34190/iccws.21.1.4377

Keywords:

mobile app security scanning, mobile application vulnerability scanning, real-time scanning, IDE integration

Abstract

The growing number of mobile applications in modern society has significantly increased the possibility of security vulnerabilities, particularly as users rely on these applications for sensitive tasks such as banking, communication, and e-commerce. Any flaw within a mobile application may result in significant privacy violations, financial loss, or data exposure. The development of secure mobile applications presents a persistent challenge, especially for novice developers who often lack the expertise or tools to detect vulnerabilities during the early stages of coding. As mobile platforms become increasingly complex and threats become more sophisticated, integrating effective security practices into the software development lifecycle (SDLC) has become imperative. While a variety of security tools exist to support vulnerability detection, many fail to offer real-time, developer-friendly support embedded directly within Integrated Development Environments (IDEs), leaving a critical security gap, especially for novice developers. This paper conducts a systematic literature review on developer-focused tools available for real-time mobile app security scanning and IDE integration. The review emphasises tools that assist developers directly within IDEs, focusing on practical support during coding rather than post-deployment analysis. The objective was to thoroughly identify both the strengths and weaknesses of the existing tools that provide real-time mobile app security scanning. The PRISMA 2020 statement, which provides a comprehensive framework for conducting systematic literature reviews, served as the foundational guideline for this study. A thorough search was conducted to retrieve relevant journal articles and conference papers published between 2020 and 2025. This selection criterion ensured that the study incorporated the most recent and relevant findings in the field.
Each identified publication was meticulously evaluated for its relevance, quality, and contribution to the existing body of knowledge, thereby enriching the systematic review process. The findings suggest that while existing tools contribute significantly to automation, benchmarking, privacy scanning, malware detection, and dependency management, they remain fragmented and largely external to developer workflows. Most require execution outside the IDE, lack lightweight integration, and fail to deliver real-time vulnerability feedback during coding. Even industry tools such as MobSF, NowSecure, and Checkmarx provide powerful analysis but operate as standalone platforms rather than IDE-embedded solutions. This gap is particularly critical in agile and novice development contexts, where immediate, contextualised security feedback is necessary to prevent vulnerabilities at their source.

Published

19-02-2026