We found a lot of early stage companies making the same mistake of putting secret strings in their mobile apps, which are supposed to be used in backend. We decided to make this small tool for Android apps to detect the same. We check your codebase and configuration files for leakage of authentication credentials for various services, API secrets for third party services being used, internal API URLs and more.