Yet another static code analyzer for malicious Android applications
GNU Lesser General Public License v3.0
477
stars
159
forks
source link
Though Androwarn is meant for Static Analysis (whose purpose is to analyze the features of an application before executing it) , why does it display "Code Execution" in the generated analysis report? #14
Androwarn, among all malicious behaviours, also looks for arbitrary code execution: through Java Native Interface, or plain UNIX command (Java class and method runtime.exec).
Androwarn does not perform any dynamic execution of anything.
Androwarn, among all malicious behaviours, also looks for arbitrary code execution: through Java Native Interface, or plain UNIX command (Java class and method
runtime.exec
).Androwarn does not perform any dynamic execution of anything.