Can soot still be used now? Do I need to use sootup?

[judeomg]

I want to know what is the difference between soot and sootup. Is it okay to use the old version of soot?

[StevenArzt]

Soot is still maintained and is updated with bug fixes and occasionally new features. SootUp is a newer version of Soot with a redesigned architecture that shall eventually replace Soot.

However, SootUp is not feature-complete. There are things that Soot can do and SootUp can't. For example, SootUp cannot perform instrumentation and write out Java bytecode or Android Dex code. There are quite many features that haven't yet been in the focus of the SootUp team.

Another example: We cannot yet port FlowDroid to SootUp. SootUp would first need a proper Android frontend, i.e., one that is not based on dex2jar, plus a few more features here and there.

So for the time being, there are two projects in the community. I'm not happy about this, but since both projects are driven by research groups, there is only limited capacity for engineering tasks such as writing frontends, backends, etc. Such work won't give you any scientific merit, so people tend to focus on the features they need to complete for whatever other project they are currently doing.