The Native Over-Approximation Handler (NOAH) is a very simple Android app taint analysis tool that considers native method calls. It is simple, because (I) it does not analyze any flows, (II) it only assumes connections once a native call is encountered. Thus any taint-source is connected to any taint-sink in native code and vice versa.
The goal of the following query, for example, is to find any flows that start or end in the native library part of app
CONNECT [ Flows IN App(’A.apk’ | 'UNCOVER') ?, Flows IN App(’A.apk’ | 'UNCOVER') FEATURING 'NATIVE' ? ]
The preprocessor keyword 'UNCOVER' tells the associated AQL-System to execute NOAH as preprocessor for app
The first question for flows in answered by an arbitrary analysis tool configured in the associated AQL-System.
The second one by NOAH, assuming that it has the highest priority for flow-questions which have the
'NATIVE' feature assigned.
A complete and fully described example can be found in the referenced paper (see Publications).
The first launch parameter must always the be app to analyze/preprocess. Furthermore two additional launch parameters can be specified:
||Provide a different source and sink file (
||The output generated during the execution of this tool can be set to different levels.
- Together Strong: Cooperative Android App Analysis (Felix Pauck, Heike Wehrheim)
NOAH is licensed under the GNU General Public License v3 (see LICENSE).
- NOAH is employed in CoDiDroid: https://github.com/FoelliX/CoDiDroid