[Soot-list] FlowDroid callback extraction in obfuscated library

Faridah Akinotcho faridath.akinotcho at yahoo.fr
Wed Jul 28 13:59:53 EDT 2021


Dear Mr Arzt,
Thank you for your reply and the clarification. I will look into library detection as you suggested.
Best regards,
Faridah Akinotcho

On Wed, Jul 28, 2021 at 1:31, Arzt, Steven <steven.arzt at sit.fraunhofer.de> wrote:

Dear Faridah,

FlowDroid matches the class name inside the "AndroidCallbacks.txt" against the 
parameter types of registration methods inside the app. This works fine for 
classes from the Android SDK, i.e., the classes installed on the phone. For 
Android support classes compiled into the app, on the other hand, it might not 
work, since these apps may be obfuscated and the classes may be renamed. In 
that case, the matching fails and the callback will not be found.

By default, FlowDroid does not have any mechanism to detect obfuscated 
callbacks. Maybe some of the work that has been done on library detection in 
obfuscated apps can be adapted to detect obfuscated callbacks. If you want to 
work on that, merge requests are always welcome.

Best regards,
  Steven


-----Original Message-----
From: Soot-list <soot-list-bounces at CS.McGill.CA> On Behalf Of Faridah 
Akinotcho
Sent: Wednesday, 28 July 2021 03:52
To: Soot-list <soot-list at cs.mcgill.ca>
Subject: [Soot-list] FlowDroid callback extraction in obfuscated library

Hi,

My name is Faridah Akinotcho and I am currently using FlowDroid to build 
static app models. For this purpose, there are specific callbacks which I need 
to parse and analyze. In particular, I extended the AndroidCallbacks.txt file 
with 'android.support.design.widget.NavigationView$OnNavigationItemSelected' 
in order to obtain the callback 'boolean onNavigationItemSelected(MenuItem 
menuItem)'.

The APK that I am working with obfuscates some of the library methods by 
renaming, as shown in the picture:



My understanding was that, since FlowDroid parses bytecode, it would find and 
parse NavigationView$OnNavigationItemSelected, then extract its interface 
methods. However, logs show that FlowDroid extracts NavigationView$a (the 
obfuscated version of the interface), which results in callbacks not being 
found.

I was hoping I could get some clarification on whether this is the expected 
behavior and if so, I would greatly appreciate any pointers on how to solve 
this issue. Please note that building an exhaustive list of all the 
obfuscated APIs and adding them to AndroidCallbacks.txt wouldn't be feasible, 
as the analysis I am trying to perform will involve multiple apps with 
potentially different obfuscated methods.

Best regards,
Faridah Akinotcho
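
An added illustration, not part of the original thread and not FlowDroid code: a toy Python model of the exact-name matching described in the reply, next to one possible name-independent shape heuristic of the kind library-detection work relies on. The full package name given to `NavigationView$a`, the renamed method `a`, the reference table and every function name are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Iface:
    name: str       # fully qualified class name as seen in the bytecode
    methods: tuple  # ((method_name, return_type, (param_types, ...)), ...)

NAV = "android.support.design.widget.NavigationView$OnNavigationItemSelected"
CALLBACKS = {NAV}  # the entry added to AndroidCallbacks.txt in the thread

# Unobfuscated reference shapes (constructed table; the second entry
# deliberately has the same shape as NAV to show the ambiguity).
REFERENCE = [
    Iface(NAV, (("onNavigationItemSelected", "boolean", ("android.view.MenuItem",)),)),
    Iface("android.support.v7.widget.Toolbar$OnMenuItemClickListener",
          (("onMenuItemClick", "boolean", ("android.view.MenuItem",)),)),
]
# Constructed obfuscated app: interface and method renamed, SDK type intact.
OBFUSCATED = Iface("android.support.design.widget.NavigationView$a",
                   (("a", "boolean", ("android.view.MenuItem",)),))

def match_by_name(param_types, callbacks=CALLBACKS):
    """Exact class-name lookup, as the reply describes the default matching."""
    return [t for t in param_types if t in callbacks]

def is_stable(type_name):
    """Primitives and on-device SDK classes keep their names; bundled ones may not."""
    return "." not in type_name or (
        type_name.startswith(("android.", "java."))
        and not type_name.startswith("android.support."))

def shape(iface):
    """Name-independent fingerprint: method names dropped, unstable types masked."""
    mask = lambda t: t if is_stable(t) else "?"
    return tuple(sorted((mask(r), tuple(mask(p) for p in ps))
                        for _, r, ps in iface.methods))

def outer(name):
    """Enclosing class of a nested class name (text before the first '$')."""
    return name.split("$", 1)[0]

def match_by_shape(iface, reference=REFERENCE):
    """Same-shape candidates, narrowed to the same outer class when possible."""
    same = [r.name for r in reference if shape(r) == shape(iface)]
    nested = [n for n in same if outer(n) == outer(iface.name)]
    return nested or same
```

The shape match only resolves to a single candidate here because the outer class name `NavigationView` survived renaming, as in the log quoted in the thread; when the outer class is renamed too, both reference interfaces remain candidates.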

  