[Soot-list] Static Analysis

Eric Bodden eric.bodden at uni-paderborn.de
Tue Dec 4 11:48:22 EST 2018


To add to what the others wrote already, you may wish to use the extension FlowDroid to construct a decent callgraph for an app.


Cheers

Eric


--
Sent from my mobile
________________________________
From: Gregor Beatson <gregor.beatson at gmail.com>
Sent: Saturday, 1 December 2018 14:45
To: soot-list at cs.mcgill.ca
Subject: [Soot-list] Static Analysis

Hi everyone,

I'm planning on making a static analysis tool which would focus on Android permissions and their potential misuse. Currently I am looking at using Soot to decompile the APKs into jimple, and performing the analysis on that.

The main example I can find to do with using Soot on Android apps comes from here: https://github.com/Sable/soot/wiki/Instrumenting-Android-Apps-with-Soot

However, I am unsure of how relevant this is for me. I need to be able to go through the code to detect uses of permissions. At first, the 'transformer' seems to provide this functionality, but on further inspection it seems that it is used to modify the source code rather than perform analysis on it. In this context, does 'transform' literally mean to transform (modify) the code, or is it general enough that it could be used for my purposes? Is there something else in Soot that would do this, if not transformers?
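
Added example, not part of the original thread or of Soot's own code: a `BodyTransformer` registered in the `jtp` pack may simply read each Jimple body without modifying it, which is enough to report calls to permission-guarded APIs. The class name `PermissionUseScan`, the phase name `jtp.permUse`, the two command-line paths and the small `API_PERMISSION` table are assumptions made for illustration; the table is a constructed sample, not an authoritative permission mapping.

```java
import java.util.Collections;
import java.util.Map;
import soot.Body;
import soot.BodyTransformer;
import soot.PackManager;
import soot.Scene;
import soot.SootMethod;
import soot.Transform;
import soot.Unit;
import soot.jimple.Stmt;
import soot.options.Options;

public class PermissionUseScan {
    // Constructed sample: a few framework calls and a permission each one needs (Java 9+ for Map.of).
    static final Map<String, String> API_PERMISSION = Map.of(
        "android.telephony.TelephonyManager.getDeviceId", "READ_PHONE_STATE",
        "android.location.LocationManager.getLastKnownLocation", "ACCESS_FINE_LOCATION",
        "android.telephony.SmsManager.sendTextMessage", "SEND_SMS");

    public static void main(String[] args) {
        // Assumed inputs: args[0] = APK to analyse, args[1] = Android SDK "platforms" directory.
        Options.v().set_src_prec(Options.src_prec_apk);
        Options.v().set_process_dir(Collections.singletonList(args[0]));
        Options.v().set_android_jars(args[1]);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_output_format(Options.output_format_none); // analysis only, write nothing

        PackManager.v().getPack("jtp").add(new Transform("jtp.permUse", new BodyTransformer() {
            @Override
            protected void internalTransform(Body body, String phase, Map<String, String> opts) {
                for (Unit u : body.getUnits()) { // read-only walk over the Jimple statements
                    Stmt s = (Stmt) u;
                    if (!s.containsInvokeExpr()) continue;
                    SootMethod callee = s.getInvokeExpr().getMethod();
                    String key = callee.getDeclaringClass().getName() + "." + callee.getName();
                    String perm = API_PERMISSION.get(key);
                    if (perm != null) {
                        System.out.println(body.getMethod().getSignature()
                            + " calls " + key + " -> " + perm);
                    }
                }
            }
        }));

        Scene.v().loadNecessaryClasses();
        PackManager.v().runPacks(); // runs the jtp pack, including the transform above
    }
}
```

This scan is intraprocedural and matches only direct call sites; relating a call to the component that reaches it needs a call graph, which is where the FlowDroid suggestion in the reply comes in.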