Fortifying Codebases: Secure Code Generation and Vulnerability Assessment with LLMs
Abstract
Android apps are essential to contemporary life, driving mission-critical industries such as government, finance, and healthcare. Yet their prevalence exposes them to security risks, and their vulnerabilities pose serious threats to confidential data and mission-critical services. Identifying and eliminating these vulnerabilities at the development stage is important, since remediation after deployment is expensive and more difficult. Static analysis provides a proactive solution by analyzing code for vulnerabilities without running it, allowing developers to detect and correct security flaws early. This project proposes an end-to-end framework for static analysis of Android apps to identify and prevent vulnerabilities. The framework combines manual and automated code review, configuration analysis, and third-party dependency checks. Major aspects include source code review for insecure coding practices, tool-based automated vulnerability detection (e.g., MobSF, SonarQube, Android Lint), and comprehensive analysis of configuration files (e.g., AndroidManifest.xml, build.gradle) and dependencies. Detected vulnerabilities are documented, ranked, and resolved through direct remediation recommendations so that the resulting app is secure. The solution strengthens application security by enabling early vulnerability discovery, promoting secure coding, and increasing developer awareness of frequent security pitfalls. The framework provides a common and scalable way to protect Android apps and ensure they satisfy critical infrastructure sectors' security requirements.