[Soot-list] Can FlowDroid recognize source and sink in a worker thread?

Tue Aug 26 05:02:23 EDT 2014

Hi Jin.

Hmm, this looks odd.  Normally, appropriate call-graph edges should be present. Did you have a look to see if the call graph is complete, i.e., whether it contains a call to doPost?

Cheers,
Eric

On 26.08.2014, at 09:37, Jin Li <lijin1988 at gmail.com> wrote:

> Hi Eric,
> 
> A worker thread, I mean, a thread which is created in the UI thread and do the time-consuming work.
> 
> A code snippet:
> 
> public void onCreate(Bundle paramBundle)
>   {
>     super.onCreate(paramBundle);
>     setContentView(2130903040);
>     this.dummyBtn = ((Button)findViewById(2131034120));
>     this.dummyBtn.setOnClickListener(this);
> 
>     this.myid = getMyNumber(); //sources
>     this.frdata = getContacts();  // sources
> 
> 
>     this.dialog = new ProgressDialog(this);
>     this.dialog.setMessage("しばらくお待ちください...");
>     this.dialog.setProgressStyle(0);
>     this.dialog.show();
>     if ((this.myid != null) && (this.frdata != ""))
>     {
>       new Thread(new Progress(null)).start();
>       return;
>     }
>     this.dialog.dismiss();
>     IntentFilter localIntentFilter = new IntentFilter();
>     localIntentFilter.addAction("android.intent.action.BATTERY_CHANGED");
>     registerReceiver(this.mBroadcastReceiver, localIntentFilter);
>   }
> 
> private class Progress implements Runnable
>   {
>     private Progress() {}
>     public void run()
>     {
>       AppActivity.this.doPost();
>       
>     }
>   }
> void doPost(){
> //sinks malicious actions
> }
> 
> The new Thread would call doPost() which contains the sinks that send sensitive data out of the device.
> 
> The results produced by FlowDroid omit these sinks. However, it regards the registerReceiver as a sink and produces a path from the source to this sink.
> 
> I am confused by that results.
> 
> Thanks
> 
> Best Regards,
> Jin
> 
> 
> 
> 
> 
> 
> 
> 2014-08-26 14:51 GMT+08:00 Bodden, Eric <eric.bodden at sit.fraunhofer.de>:
> Hi Jin.
> 
> What exactly do you mean by a worker thread?
> 
> Eric
> 
> --
> Sent from my mobile
> 
> On Aug 25, 2014 2:46 PM, Jin Li <lijin1988 at gmail.com> wrote:
> Hi All,
> 
> I use FlowDroid to analysis my apk files and then manually check the results it produced.
> 
> It seemed when the source or sink appeared in a worker thread, FlowDroid would omit this source or sink. The paths reported by FlowDroid would be less than it supposed.
> 
> I attached the apk. 
> 
> Can anybody shed light on the reason? or  Did I use a wrong configuration?
> 
> I really need your help, Thanks
> 
> Best Regards,
> Jin
> 

--
Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering  at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
Tel: +49 6151 16-75422    Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140826/5af200d8/attachment-0001.bin 