secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1
1.06k stars 299 forks source link

Analysing apps where FlowDroid is included #165

Open gianiaco opened 5 years ago

gianiaco commented 5 years ago

Hi to all, I was wondering if is possible to use FlowDroid API to analyse the app where it is included.

InfoflowAndroidConfiguration config = new InfoflowAndroidConfiguration();
config.getAnalysisFileConfig().setAndroidPlatformDir(androidJarPath);
config.getAnalysisFileConfig().setTargetAPKFile(apkPath);
config.setMergeDexFiles(true);

SetupApplication analyzer = new SetupApplication(config);
InfoflowResults results = analyzer.runInfoflow();

If i can "predict" androidJarPath and apkPath i could be able to get the set of source-to-sink connections, right? If yes, how? Thanks for your work!

StevenArzt commented 5 years ago

I don't really understand your question, sorry. The "Android JAR Path" is the path to the "platforms" directory inside the Android SDK installation on your computer. There is no need to predict anything, it depends on your installation. The "Target APK file" is the file you want to analyze. You need to tell the software what you want to analyze.

gianiaco commented 5 years ago

Sorry, i try to explain better what i mean

I don't really understand your question, sorry. The "Android JAR Path" is the path to the "platforms" directory inside the Android SDK installation on your computer. There is no need to predict anything, it depends on your installation.

Yes, you're right

The "Target APK file" is the file you want to analyze. You need to tell the software what you want to analyze.

This is the point. i would to use FlowDroid at "run-time" while it's included in an app. Do you think is it possible?

MarcMil commented 5 years ago

So you want to run a static dataflow tracker on your smartphone? Honestly, this doesn't sound like a good idea for two reasons (if we are talking about smartphones):

Maybe you want to take a dynamic data flow approach into your consideration?

ClaudioRizzo commented 5 years ago

As @MarcMil suggested, it doesn't sound like a job for a static analyser, but rather a dynamic one. Flowdroid reasons on the code of an app and running it included in the app at "run-time" doesn't make any sense. Do you want to have the taint tracker to interrupt when a flow is seen at run time? if yes then you definitely need a dynamic approach :)

gianiaco commented 5 years ago

Do you want to have the taint tracker to interrupt when a flow is seen at run time? if yes then you definitely need a dynamic approach :)

Yes, that was the answer i was looking for i guess... any advise about which tracker?