Rimaz is a tool that helps analyze the byte code of Android applications written in Java.
This is an experimentation version of the Rimaz Tool. Rimaz is an Arabic word that means "code" like in "source code", written in Arabic: رِماز or الرِّماز
Rimaz is a tool that helps detect out of the apk file :
- The main components, such as Custom UIElements (Views), Activities, Fragments, Dialogs, Application classes etc. ;
- The Input events, including :
- Listener based input events;
- Life cycle and non life cycle Event handlers;
- Model entities that might be used in an Android application;
- Principally, the dominant presentation layer architectural style that is used in an Android application including (MVC, MVP, MVVM);
Rimaz uses SOOT framework on parse Android applications bytecode, for this reason, Rimaz needs some components related to SOOT to perform its analyses, such as Android platforms.
Rimaz was buit as part of my master's degree at Université du Québec À Montréal, you can read more about it in the thesis.
You can also read more about the study, Rimaz and the conducted experiments in this published research paper.
The "Expermentation" package uses the Rimaz tool, it is the "Expermentation" application that you should use to apply analyses on an Android application.
You can get the Expermentation jar directly from this link
Expermentation jar must be run with the following parameters :
- -p followed by a path to the directory containing Android platform files that SOOT uses to perform the analyses.
- -t followed by an positive integer for setting a timeout (in minutes)
- -d followed by a path to the directory containing the applications to be analyzed.
- -o followed by a path to a csv file that represents the analyses output file.
We highly recommend increasing the jvm heap size to successfully analyze big applications.
Android platform files should be downloaded locally to use Rimaz.
For example, to run the Expermentation jar for a 60 minutes timeout for each application that is contained in a specific directory you can use the following command :
java -jar path_to_Expermentation.jar -p path_to_AndroidPlatforms -t 60
-d path_to_appsDirectory -o path_to_output.csv
Rimaz filters out the used libraries in an application by using an extensive blacklist of widely used libraries, this list contains :
- More than 1300 library package names that where constructed by Li et al. in their study An Investigation into the Use of Common Libraries in Android Apps
- Another number of more than 1000 library package names that we collected manually from community web sites such as Android Arsenal and Ultimate Android Reference
This blacklist is integrated (temporarily) within the Rimaz tool.
As some applications may be too complex, their analysis may take a considerable long time.
The current version of Rimaz is developed with parallelism in mind, for the sake of making experimentation in multi-processor computers, using Rimaz in computers with a low number of processors would probably slow down the execution time.
To asses our tool, we tested it on a set of opensource applications and we validated the results manually. You can find the list of the application in this list.
Our analyses were conducted on a set of Android applications downloaded from Google Play Store.
This list contains more than 5000 applications that we downloaded randomly from Google Play Store along with the metadata used for the analyses.
This framework :
- Is NOT unit-tested !
- Is no longer maintained since 2018 !
- Does not take in consideration newer implementations, architectures or changes and updates that were brought to the Android plateform since 2018 !
- Does not guarantee a correct functioning with all Android application, as many are written in different languages and using different platforms (Kotlin, Web, Xamarin ...) !