-
Notifications
You must be signed in to change notification settings - Fork 48
Running the Droidsafe Analyzer on an Android Source
There is a simple Android App with source in the Droidsafe repository:
$DROIDSAFE_SRC_HOME/android-apps/examples/PickContacts
We will use this app as an example to walk through the steps of the running the Droidsafe analyzer on an app with source.
- Preparing the Android app with source
-
Directory Structure - The root directory of the app should contain at least the following:
- AndroidManifest.xml
- res directory - contains the resources for the app
- src directory - contains the source code for the app
-
Create a makefile by
-
Copying a makefile template from the Droidsafe repository to the root directory of the app
cd $DROIDSAFE_SRC_HOME/android-apps/examples/PickContacts cp $DROIDSAFE_SRC_HOME/android-apps/Makefile_source Makefile
-
Changing the first line of the makefile from
NAME := APPNAME
to
NAME := PickContacts
so that
NAME
is set to the name of the Android app.
-
-
Running the Droidsafe static analyzer on the Android app with source using make command
make specdump
The run takes about 10 minutes to finish. (For large application, the running time may be two hours or more.)
-
Droidsafe output files
The Droidsafe analyzer places the analysis results in an output directory named
droidsafe-gen
directly under the app's root directory. These analysis results will be presented by the Droidsafe Eclipse plugin to the analyst. In the section Running the Droidsafe Eclipse Plugin we will show how to use the Droidsafe Eclipse Plugin to view the Droidsafe analysis result.The analyst can also choose to inspect the following output files in a text editor:
-
<app_name>_<configuration>_pta-report.txt: various statistics for the points-to analysis and information flow analysis
-
template-spec.ssl: Organized by event handler blocks, for each block, all the reachable sensitive sinks and their information flows.
-
info-flow-results.txt: Information flow results in terms of source-to-sink flows.
-
Previous section: Installing the Droidsafe Eclipse Plugin
Next section: Running the Droidsafe Analyzer on an Android APK