[Soot-list] Can FlowDroid recognize source and sink in a worker thread?
Bodden, Eric
eric.bodden at sit.fraunhofer.de
Tue Aug 26 05:02:23 EDT 2014
Hi Jin.
Hmm, this looks odd. Normally, appropriate call-graph edges should be present. Did you have a look to see if the call graph is complete, i.e., whether it contains a call to doPost?
Cheers,
Eric
On 26.08.2014, at 09:37, Jin Li <lijin1988 at gmail.com> wrote:
> Hi Eric,
>
> A worker thread, I mean, a thread which is created in the UI thread and do the time-consuming work.
>
> A code snippet:
>
> public void onCreate(Bundle paramBundle)
> {
> super.onCreate(paramBundle);
> setContentView(2130903040);
> this.dummyBtn = ((Button)findViewById(2131034120));
> this.dummyBtn.setOnClickListener(this);
>
> this.myid = getMyNumber(); //sources
> this.frdata = getContacts(); // sources
>
>
> this.dialog = new ProgressDialog(this);
> this.dialog.setMessage("しばらくお待ちください...");
> this.dialog.setProgressStyle(0);
> this.dialog.show();
> if ((this.myid != null) && (this.frdata != ""))
> {
> new Thread(new Progress(null)).start();
> return;
> }
> this.dialog.dismiss();
> IntentFilter localIntentFilter = new IntentFilter();
> localIntentFilter.addAction("android.intent.action.BATTERY_CHANGED");
> registerReceiver(this.mBroadcastReceiver, localIntentFilter);
> }
>
> private class Progress implements Runnable
> {
> private Progress() {}
> public void run()
> {
> AppActivity.this.doPost();
>
> }
> }
> void doPost(){
> //sinks malicious actions
> }
>
> The new Thread would call doPost() which contains the sinks that send sensitive data out of the device.
>
> The results produced by FlowDroid omit these sinks. However, it regards the registerReceiver as a sink and produces a path from the source to this sink.
>
> I am confused by that results.
>
> Thanks
>
> Best Regards,
> Jin
>
>
>
>
>
>
>
> 2014-08-26 14:51 GMT+08:00 Bodden, Eric <eric.bodden at sit.fraunhofer.de>:
> Hi Jin.
>
> What exactly do you mean by a worker thread?
>
> Eric
>
> --
> Sent from my mobile
>
> On Aug 25, 2014 2:46 PM, Jin Li <lijin1988 at gmail.com> wrote:
> Hi All,
>
> I use FlowDroid to analysis my apk files and then manually check the results it produced.
>
> It seemed when the source or sink appeared in a worker thread, FlowDroid would omit this source or sink. The paths reported by FlowDroid would be less than it supposed.
>
> I attached the apk.
>
> Can anybody shed light on the reason? or Did I use a wrong configuration?
>
> I really need your help, Thanks
>
> Best Regards,
> Jin
>
--
Prof. Eric Bodden, Ph.D., http://sse.ec-spride.de/ http://bodden.de/
Head of Secure Software Engineering at Fraunhofer SIT, TU Darmstadt and EC SPRIDE
Tel: +49 6151 16-75422 Fax: +49 6151 16-72051
Room 3.2.14, Mornewegstr. 30, 64293 Darmstadt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.CS.McGill.CA/pipermail/soot-list/attachments/20140826/5af200d8/attachment-0001.bin
More information about the Soot-list
mailing list