secure-software-engineering / secucheck

Soot-based taint analysis with internal Java fluent interface for security specifications in fluentTQL implemented with MagpieBridge to support multiple IDEs.
MIT License

Does secucheck support taint-analysis for Android Apk? #4

Open Xiangxingqian opened 2 years ago

Xiangxingqian commented 2 years ago

Hi, does secucheck support taint-analysis for Android Apk without source code?

piskachev commented 2 years ago

Hello! No, that is currently not supported. It should be relatively easy to use the infrastructure from FlowDroid to process the APK and build the call graph and then use the SecuCheck analysis. This should work well since both tools are based on the Soot framework. But this needs some integration effort which we have not done yet.