FlowDroid
- DroidBench: an open test-suite for evaluating the effectiveness and accuracy of taint-analysis tools for Android apps
- Source, sink model
- “Apps consist of different components with a distinct lifecycle”.
- To increase precision: context-, flow-, field- and object-sensitive
- To increase recall: create a complete model of Android app lifecycle
- “Flow-sensitivity”: the analysis takes the order of statements into account
- Abstract:
  - Source, sink, and entry-point detection: parse manifest file, parse .dex files, parse layout XMLs.
  - Generate main method, build call graph, perform taint analysis
- Limitations:
  - Reflection analysis
  - Unsoundness
  - Multi-threading
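
To make the source/sink model and the flow-sensitivity note concrete, here is an added example (not FlowDroid code and not its algorithm): a toy taint tracker over a constructed straight-line program, run once respecting statement order and once ignoring it. The statement format and the names `PROGRAM`, `flow_sensitive` and `flow_insensitive` are assumptions made for this illustration.

```python
# Constructed toy program (not from DroidBench), statements in execution order.
# ("source", dst) reads sensitive data; ("assign", dst, src) copies a value;
# ("const", dst) overwrites with a constant; ("sink", src) sends a value out.
PROGRAM = [
    ("source", "imei"),         # 0: imei = getDeviceId()
    ("assign", "msg", "imei"),  # 1: msg = imei
    ("sink", "msg"),            # 2: send(msg)   <- real leak
    ("const", "msg"),           # 3: msg = "hello"
    ("sink", "msg"),            # 4: send(msg)   <- msg no longer tainted
    ("sink", "log"),            # 5: send(log)   <- log is tainted only later
    ("assign", "log", "imei"),  # 6: log = imei
]

def flow_sensitive(program):
    """Walk statements in order, tracking which variables are tainted *now*."""
    tainted, leaks = set(), []
    for idx, stmt in enumerate(program):
        op = stmt[0]
        if op == "source":
            tainted.add(stmt[1])
        elif op == "const":
            tainted.discard(stmt[1])        # overwrite kills the taint
        elif op == "assign":
            dst, src = stmt[1], stmt[2]
            if src in tainted:
                tainted.add(dst)
            else:
                tainted.discard(dst)
        elif op == "sink" and stmt[1] in tainted:
            leaks.append(idx)
    return leaks

def flow_insensitive(program):
    """Ignore order: a variable is tainted if any statement could taint it."""
    tainted = {s[1] for s in program if s[0] == "source"}
    changed = True
    while changed:                          # fixed point over copy statements
        changed = False
        for s in program:
            if s[0] == "assign" and s[2] in tainted and s[1] not in tainted:
                tainted.add(s[1])
                changed = True
    return [i for i, s in enumerate(program)
            if s[0] == "sink" and s[1] in tainted]

if __name__ == "__main__":
    print("flow-sensitive leaks at:  ", flow_sensitive(PROGRAM))
    print("flow-insensitive leaks at:", flow_insensitive(PROGRAM))
```

The order-aware pass reports only the sink at statement 2, while the order-blind pass also flags statements 4 and 5, which are false positives; that difference is the precision gain the notes attribute to flow-sensitivity.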