search

secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1
1.03k stars 293 forks source link

Why a BODIES resolving level is required for AppCompatActivity in inter-component tracking? #512

Open RichardHoOoOo opened 1 year ago

RichardHoOoOo commented 1 year ago

I have two activities A and B and suppose A has some extra data that flows into B with startActivity(intent). I enable IccTA and observe the data flow with a taint propagation handler.

When A extends android.app.Activity and B extends android.app.Activity, I can observe the data flow from A to B.

When A extends android.app.Activity and B extends androidx.appcompat.app.AppCompatActivity, I cannot observe the data flow from A to B unless I specifically invokes Scene.v().addBasicClass("androidx.appcompat.app.AppCompatActivity", SootClass.BODIES);

May I ask the reasons behind?

And does it mean that we need to manually set higher resolving levels for components (e.g., activity, fragment, service, etc.) in supporting libraries (e.g., v4, androidx, etc.)?

RichardHoOoOo commented 1 year ago

Hi @StevenArzt Could you take a look at this issue?