Facebook recently announced that Mariana Trench, a static analysis platform, is going open-source. Companies use the tool to detect and prevent bugs, at scale, in Android and Java apps built for mobile operating systems.
Facebook explained that the program “is designed to be able to scan large mobile codebases and flag potential issues on pull requests before they make it into production.” Mariana Trench allows developers to set rules for different data flows to scan codebases and catch potential issues.
Developers can structure programs to control data flows. Essentially, the tool lets them quickly catch and fix vulnerabilities that could leak sensitive user information.
As Facebook points out, catching issues is more pressing for mobile apps because of how updates occur. With a web app, developers can push patches at any time. With mobile devices, on the other hand, people have to download the update themselves.
A user can put that off for weeks at a time. This means that if a bug makes it into a live build, millions are at greater risk. After all, Android powers 72.72% of the smartphone market.
By open-sourcing Mariana Trench, Facebook attempts to improve security in the mobile market at large. It claims that automated programs like Mariana Trench discovered at least 50% of vulnerabilities in its apps in the first half of 2021.
While data collection is often used for legal applications like people search sites and background check services, the companies involved can track the process. Citizens can also discover and remove the information available about them online.
Undetected leaks, on the other hand, can pose all sorts of risks, including compromised accounts and stolen money. When legitimate services collect data, there’s accountability in place. With leaks, no one can know who is gathering user information or even what data they are gathering.
This positive move by Facebook illustrates the growing movement in tech toward greater cybersecurity.
While Facebook loves collecting data itself, it wants to ensure that the entire process is secure and legal.