[Soot-list] Instrumenting and flow analysis
claudio
claudio.rizzo.2015 at live.rhul.ac.uk
Mon Sep 19 08:54:48 EDT 2016
Hi all,
I am Claudio, PhD student working on Android security.
At the moment I am using Soot to instrument applications and then
perform a flow analysis (using FlowDroid), comparing the result from the
flow analysis performed on the original application and the instrumented
one.
However, I have a very nasty problem: my instrumentation should not
remove flows present in the original app, but should eventually add new
ones. Unfortunately this is not the case, and the analysis of my
instrumented app results in some flows missing.
I spent a lot of time thinking that the problem could have been the way
I instrument. However, this is not the case; indeed, if I only generate
code but I DO NOT insert this code into the application, differences in
flows are still found.
Basically what I do is: use Soot to generate code; this code never gets
added to the app. I take the original app and the generated (but
unmodified) one, I perform the analysis and the nasty results show.
I thought it may be the fact that Soot performs some optimizations that
can mess with FlowDroid; could that be the case? Also, can it be the case
that the application is obfuscated and that this creates some trouble?
I tried to replicate the problem on my own application but I couldn't.
Please, if someone can help with this, it would be appreciated!
Bests,
Claudio