TDklm
commented
3 weeks ago If you have a better or more concise choice for this question, please let me know and I would greatly appreciate it.
Open TDklm opened 3 weeks ago
TDklm
commented
3 weeks ago If you have a better or more concise choice for this question, please let me know and I would greatly appreciate it.
StevenArzt
commented
3 weeks ago You can do this with Soot alone by just loading the APK, iterating over the classes in the scene, iterating over all methods in the scene, and checking whether a certain method invokes the target API:
for (SootClass sc : Scene.v().getApplicationClasses()) {
for (SootMethod sm : sc.getMethods()) {
if (sm.isConcrete()) {
for (Unit u : sm.retrieveActiveBody().getUnits()) {
Stmt s = (Stmt) u;
if (s.containsInvokeExpr()) {
InvokeExpr iexpr = s.getInvokeExpr();
if (iexpr.getTarget().getSignature().equals("<android.location.Location: double getLongitude()>))) {
// You found a call to your API
}
}
}
}
}
}I just wrote this code down and haven't compiled it, so there might be typos.
TDklm
commented
2 weeks ago Thank you, I will try it.
I want to detect whether some sensitive methods are used in Apk. I can modify these methods into the form like <android.location.Location: double getLongitude()> -> SOURCE in SourcesAndSinks.txt. I do not need to trace the data flow of the method.. I know Flowdroid can realize my requirements, but I don't know where to modify the code and implement it. If you know, please tell me, thanks a lot.