Very Easy Job — A program to simplify the process of taint analysis using FlowDroid for Android apps
- Place the apk file(s) into the "apk" folder
- Run run.py (Windows) or run-mac.py (Mac) for taint analysis
- Results, if any, will be placed in the "sootOutput" folder
- Create a new directory under android-platforms with the appropriate name
- You must use the android-<api-number> syntax to ensure that VEJ can find your android-platform
- Place android.jar into the new directory
- Ensure that it is a fully-implemented Android JAR file and not one that ships with Google's Android SDK
- Platform JAR files that ship with Google's Android SDK contain method stubs and are not suitable for SuSi
- Fully-implemented Android JAR files can be extracted from an emulator or a real phone
- Run susi.sh to generate the new source and sink lists
- For now we only support automation with a bash shell script
- Windows users may try running it with a bash shell or performing the steps manually
- Create a new directory under android-platforms with the appropriate name
- You must use the android-<api-number> syntax to ensure that VEJ can find your android-platform
- Place android.jar into the new directory
- Ensure that it is a fully-implemented Android JAR file and not one that ships with Google's Android SDK
- Platform JAR files that ship with Google's Android SDK contain method stubs and are not suitable for SuSi
- Fully-implemented Android JAR files can be extracted from an emulator or a real phone.
- Then, open up cmd and go to the folder containing SuSi
- The command to run SuSi manually is:
    java -Xmx4g -cp susi\weka.jar;flowdroid\soot-trunk.jar;flowdroid\soot-infoflow.jar;flowdroid\soot-infoflow-android.jar;susi\susi.jar de.ecspride.sourcesinkfinder.SourceSinkFinder <filepath> permissionMethodWithLabel.pscout out.pscout
- Upon completion, SuSi will produce multiple files. What we'll need are the out_CatSources.pscout and out_CatSinks.pscout files
- Move the two files into the directory that you have created earlier in step 1
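
A preflight check for a platform directory prepared by the steps above, as an added example that is not part of VEJ. It assumes SDK stub classes can be recognised by the "Stub!" exception message in their method bodies; the function names and the 10% threshold are hypothetical, and the stub test is a heuristic.

```python
import re
import sys
import zipfile
from pathlib import Path

PLATFORM_DIR = re.compile(r"^android-(\d+)$")  # android-<api-number>, as required above
STUB_MARKER = b"Stub!"  # assumption: message thrown by SDK stub method bodies
SUSI_OUTPUTS = ("out_CatSources.pscout", "out_CatSinks.pscout")

def stub_ratio(jar_path, sample=200):
    """Fraction of sampled .class entries that contain the stub marker."""
    with zipfile.ZipFile(jar_path) as jar:
        classes = [n for n in jar.namelist() if n.endswith(".class")][:sample]
        if not classes:
            raise ValueError("no .class entries")
        hits = sum(STUB_MARKER in jar.read(n) for n in classes)
    return hits / len(classes)

def check_platform(platform_dir, threshold=0.1):
    """Return a list of problems found in one android-platforms/<dir>."""
    platform_dir = Path(platform_dir)
    problems = []
    if not PLATFORM_DIR.match(platform_dir.name):
        problems.append(f"{platform_dir.name}: name must be android-<api-number>")
    jar = platform_dir / "android.jar"
    if not jar.is_file():
        problems.append("android.jar missing")
    else:
        try:
            # Heuristic: a fully-implemented JAR should contain almost no stub bodies.
            if stub_ratio(jar) >= threshold:
                problems.append("android.jar looks like an SDK stub JAR")
        except (zipfile.BadZipFile, ValueError) as exc:
            problems.append(f"android.jar unreadable: {exc}")
    for name in SUSI_OUTPUTS:
        if not (platform_dir / name).is_file():
            problems.append(f"{name} missing (run SuSi and move it here)")
    return problems

if __name__ == "__main__":
    # Usage: python check_platform.py android-platforms/android-<api-number> ...
    for directory in sys.argv[1:]:
        for problem in check_platform(directory) or ["ok"]:
            print(f"{directory}: {problem}")
```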