Android Apps Results #5

Open
GoogleCodeExporter opened this issue May 18, 2015 · 3 comments

Comments

@GoogleCodeExporter

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


Please use labels and text to provide additional information.


Original issue reported on code.google.com by [email protected] on 13 Sep 2013 at 4:09

Attachments:

@GoogleCodeExporter
Author

Fixed:
Callbacks_LocationLeak1
Callbacks_LocationLeak2
Callbacks_LocationLeak3
FieldAndObjectSensitivity_FieldSensitivity3
Lifecycle_ActivityLifecycle3
Lifecycle_ServiceLifecycle1

False positive:
Callbacks_MultiHandlers1: Due to object sensitivity (I think)
ArraysAndLists_ArrayAccess1: type imprecision 
ArraysAndLists_ArrayAccess2: type imprecision
ArraysAndLists_ListAccess1: type imprecision
FieldAndObjectSensitivity_FieldSensitivity4: Due to flow sensitivity
FieldAndObjectSensitivity_ObjectSensitivity2: flow sensitivity
GeneralJava_UnreachableCode: We are not whole-program analysis...

True negative: We don't handle implicit flow
GeneralJava_Exceptions4
ImplicitFlows_ImplicitFlow1
ImplicitFlows_ImplicitFlow2
ImplicitFlows_ImplicitFlow3
ImplicitFlows_ImplicitFlow4

Original comment by [email protected] on 16 Sep 2013 at 7:56

@GoogleCodeExporter
Author

AndroidSpecific_PrivateDataLeak1: I don't think there is a leak, because "sendMessage" isn't called in the lifecycle of Activity.

Original comment by [email protected] on 16 Sep 2013 at 8:05

@GoogleCodeExporter
Author

New Test Results:

False Positive:

AndroidSpecific_InactiveActivity
SUB-102: InactiveActivity.java:27(213):VAR_imei{@Secret}  <:  (InactiveActivity.java:29(221):EXP_Log.i("INFO", imei){@Secret} =m=> zLIB:android.util.Log:0(226):VAR_arg1{@Tainted})

ArraysAndLists_ArrayAccess1
SUB-153: (ArrayAccess1.java:39(308):EXP_arrayData[ArrayAccess1.java:39(309):#INTERNAL#]{@Secret} =f=> ArrayAccess1.java:39(309):#INTERNAL#{@Poly})  <:  ArrayAccess1.java:39(307):EXP_arrayData[2]{@Tainted}

ArraysAndLists_ListAccess1
SUB-187: (ListAccess1.java:27(242):THIS_onCreate(android.os.Bundle){@Secret} =f=> ListAccess1.java:25(239):VAR_listData:[ListAccess1.java:25(240):#INTERNAL#]{@Poly})  <:  ListAccess1.java:38(342):EXP_listData:[ListAccess1.java:38(343):#INTERNAL#]{@Tainted}

FieldAndObjectSensitivity_FieldSensitivity4
SUB-122: (FieldSensitivity4.java:30(258):VAR_data1{@Secret} =f=> FieldSensitivity4.java:39(286):VAR_value{@Poly})  <:  FieldSensitivity4.java:33(285):EXP_data1.value{@Tainted}

FieldAndObjectSensitivity_ObjectSensitivity2
1: 
SUB-157: (OverwiteValue.java:28(261):VAR_ds{@Secret} =f=> DataStore.java:4(229):VAR_field{@Poly})  <:  OverwiteValue.java:41(332):EXP_ds.field{@Tainted}
2: 
SUB-152: OverwiteValue.java:27(260):VAR_var{@Secret}  <:  (OverwiteValue.java:39(298):VAR_sms{@Secret} =m=> zLIB:android.telephony.SmsManager:0(310):VAR_arg2{@Tainted}



Negative Positive:
AndroidSpecific_PrivateDataLeak1
Callbacks_AnonymousClass1 (There are two leaks, only catch one)
Callbacks_Button2 (There are two potential leaks, only catch one)
Callbacks_LocationLeak3 (There are two leaks, only catch one)
GeneralJava_Exceptions4
ImplicitFlows_ImplicitFlow2
ImplicitFlows_ImplicitFlow3
ImplicitFlows_ImplicitFlow4


PS: When running the program, there are warnings like:
Lifecycle_ActivityLifecycle4/src/de/ecspride/MainActivity.java:25: warning: onCreate(android.os.Bundle) in de.ecspride.MainActivity cannot override onCreate(android.os.Bundle) in android.app.Activity; attempting to use an incompatible receiver type
    protected void onCreate(Bundle savedInstanceState) {
                   ^
  found   : @Mutable @Secret MainActivity
  required: @Mutable @Poly Activity

Original comment by [email protected] on 17 Sep 2013 at 3:34
