[Soot-list] Soot and Android
DON
evolutiontheory at gmail.com
Tue Oct 2 11:58:43 EDT 2012
Thank you for the prompt reply.
I will try to go as per your suggestions and come back if I face any
problems there
On Oct 2, 2012 11:12 AM, "Bernhard Berger" <berber at tzi.de> wrote:
> Hi DON,
>
> > Basically we want to do some security analysis on android
> > applications. For this purpose we were trying to produce a call graph
> > of the various classes.
> It seems that everybody is doing security analysis for Android at the
> moment. :-)
>
>
> > Here are the problems we faced
> > 1) We had to write a main class which calls various android entry
> > points. Is there any alternative to this approach? We would like to
> > build an analysis program which takes in android apks as input. And
> > having to write a main class each time is a roadblock at least for
> > now. :-)
> I think there are two possibilities and which one suites better
> depends on the problem you want to analyze.
>
> a) Use custom entry points (for more details see
> http://www.bodden.de/2012/07/26/soot-custom-entry-points/)
>
> b) Do a first analysis step where you parse the AndroidManifest.xml,
> other configuration files and the source and generate the main-Method
> (creating Jimple is not that hard).
>
> I think that the first approach is easier to implement but is not able
> to take the component life-cycles into account. Beside of the
> entries there is even more framework knowledge you have to
> take into account to get a complete and correct call graph, such as
> component callbacks etc.
>
> Just my two bits.
>
> Bernhard
> _______________________________________________
> Soot-list mailing list
> Soot-list at sable.mcgill.ca
> http://mailman.cs.mcgill.ca/mailman/listinfo/soot-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.cs.mcgill.ca/pipermail/soot-list/attachments/20121002/9acdd613/attachment.html
More information about the Soot-list
mailing list