See the master compilation guidelines for instructions for other platforms.
Other cross-platform development frameworks are not supported.
Supported Android JREs and Compilers
|Java and Kotlin||Android||API Levels 8–29 (Android 2.2–10.x)|
Note: Initial support for API Level 29 (Android 10)
The Veracode Platform can analyze Android application code with or without debug symbols. Providing debug builds of Android application code allows the Veracode Platform to provide source file and line number information about the location of flaws found.
Supported Android Frameworks
|AWS Mobile SDK for Android||2.2.4|
|Parse Android SDK||1.9.4|
Compilation Guidance for Debug Builds
- If you use Android Studio to develop your project:
- Select a debug build variant from the Build Variants menu. Verify all submodules are also set to Debug.
- Use the APK created with the naming standard of <app_name>-<productFlavor>-debug.apk.
- To build with Android Studio on the command-line interface, call gradlew with the assembleDebug flag.
- With the standard javac compiler on the commandline, add the -g option to get debug symbols,
javac -g foo.java
- If you are using ant to build the project, the debug property in the javac task(s) needs to
be turned on, for
<javac debug="on"> ... set of classes </javac>
- If you are developing the project with Eclipse, go to
and select the "Java Compiler" properties. Under "Classfile Generation",
select the following:
- Add variable attributes to generated class files
- Add line number attributes to generated class files
- Add source file name to generated class files
- For a successful scan, the Android application cannot be obfuscated.