secure-software-engineering / FlowDroid

FlowDroid Static Data Flow Tracker
GNU Lesser General Public License v2.1

Generate class summaries in apk files using stubdroid #682

Open Parzival017 opened 6 months ago

Parzival017 commented 6 months ago

I would like to ask if I can generate summaries for the classes in the APK file? I noticed that there is no option in soot-infoflow-summaries to generate summaries for those classes in an apk file. Also, may I ask if it is possible to generate a summary during the analysis of APK using FlowDroid?

StevenArzt commented 5 months ago

StubDroid does not support summarizing classes in APK files at the moment. Most libraries that are compiled into APK files are also available as JAR files on Maven, so we analyze those.

A few years ago, we looked into generating summaries while analyzing an APK file, but for a very specific use case. We never released this code, because we found out that it makes the analysis unbearably slow. The summary analysis must consider all possible taints in a method (because we don't know how the method will be used when the summary is applied in a totally different APK later), so it is very expensive. The normal APK analysis, on the other hand, only tracks taints that are really necessary, which is much faster. In total, we found that summaries should be pre-computed and not generated "on the fly".

What is your reason for summarizing classes in APK files?