StaCoAn is a cross-platform tool that aids developers, bug bounty hunters, and ethical hackers performing static code analysis on mobile applications*.
This tool will look for interesting lines in the code which can contain:
- Hardcoded credentials
- API keys
- URLs of APIs
- Decryption keys
- Major coding mistakes
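
To make the categories above concrete, here is an added example (not StaCoAn's own code or rule set) of a minimal line scanner run over constructed decompiled sources. The patterns, the ignore list and the sample file names and values are all assumptions chosen for illustration.

```python
import re

# Assumed patterns, one per category in the list above (not StaCoAn's rule set).
RULES = {
    "hardcoded credential": re.compile(
        r'(?i)\b\w*(passw(or)?d|secret|token)\w*\s*=\s*"[^"]{4,}"'),
    "API key": re.compile(r'AIza[0-9A-Za-z_-]{35}'),  # Google-style key shape
    "API URL": re.compile(r'https?://[^\s"\'<>]+'),
    "decryption key": re.compile(r'SecretKeySpec\s*\(\s*"[^"]+"\s*\.getBytes'),
    "coding mistake": re.compile(
        r'setJavaScriptEnabled\(\s*true\s*\)|ALLOW_ALL_HOSTNAME_VERIFIER'),
}
# Namespace URLs present in nearly every APK; reporting them is noise.
IGNORED_URL_PREFIXES = ("http://schemas.android.com/", "http://www.w3.org/")


def scan(sources):
    """Return (path, line number, category, matched text) for each hit."""
    findings = []
    for path, text in sorted(sources.items()):
        for lineno, line in enumerate(text.splitlines(), start=1):
            for category, pattern in RULES.items():
                for match in pattern.finditer(line):
                    hit = match.group(0)
                    if category == "API URL" and hit.startswith(IGNORED_URL_PREFIXES):
                        continue
                    findings.append((path, lineno, category, hit))
    return findings


# Constructed sample: decompiled-looking sources with placeholder values.
SAMPLE = {
    "com/example/app/Api.java": (
        'class Api {\n'
        '    static final String BASE = "https://api.example.com/v1/users";\n'
        '    static final String MAPS_KEY = "AIza' + "X" * 35 + '";\n'
        '    private String dbPassword = "demo-only-pw";\n'
        '}\n'),
    "com/example/app/Web.java": (
        'class Web {\n'
        '    void init(WebView w) { w.getSettings().setJavaScriptEnabled(true); }\n'
        '    Key k = new SecretKeySpec("0123456789abcdef".getBytes(), "AES");\n'
        '}\n'),
    "res/layout/main.xml":
        '<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"/>\n',
}

if __name__ == "__main__":
    for path, lineno, category, text in scan(SAMPLE):
        print(f"{path}:{lineno}: [{category}] {text}")
```
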
This tool was created with a big focus on usability and graphical guidance in the user interface.
For the impatient ones, grab the download on the releases page.
*: Note that currently only APK files are supported, but IPA files will follow very shortly.
An example report can be found here.
Source code and additional information can be found here: https://github.com/vincentcox/StaCoAn