Retrieving URLs from APK files
Scala Python Java Shell
Clone or download
Latest commit 6a2a060 Jun 24, 2017
Failed to load latest commit information.
dynamic-instrumentation added apks to analyze Sep 23, 2016
lib npe for node.getIr Feb 19, 2016
post-processing committed latest scripts Dec 11, 2015
.gitignore added some tests Oct 12, 2016


Statically extracts URL strings from Android applications.


The installation requires you to build WALA (the T.J. Watson Libraries for Analysis) and to compile Stringoid to work.

Build WALA

Prerequisites: make sure to have the Android SDK and its build-tools installed (a proven-to-be-compatible version is 23.0.1).

  1. Clone
  2. Copy build-tools/*/lib/dx.jar (typically located at /Users/<username>/Library/Android/sdk/ on a Mac) to Create the lib directory if need be.
  3. Run mvn clean install -DskipTests=true -q (Note: requires Maven >=3.0, or you get a completely uninformative BUILD FAILED error. You need svn to be installed. If this step succeeds, WALA will be available as a bunch of Maven packages locally.)

Compile Stringoid

  1. Clone this project using git clone
  2. Rename / copy src/main/resources/application.conf.example to src/main/resources/application.conf (remove the .example) and provide the paths for rt.jar (typically found at /Library/Java/JavaVirtualMachines/jdk*.*.*_**.jdk/Contents/Home/jre/lib/rt.jar on a Mac) and android.jar (typically found at /Applications/Android on a Mac) within the newly created file.

Run stringoid

Once Stringoid has been installed, you can either run its tests using:

test // from within sbt

...or you can point it to run on a specific Android application (.apk file) from the root directory of the project:

java -cp target/scala-2.10/stringoid-assembly-0.1.jar -a append --lib false --ir-source interproc -u false <path/to/.apk-file>

Some example .apk files are provided in this project under stringoid/dynamic-instrumentation/real-apks/.

How to run on Spark

  1. Get Spark. Pick the same version as in build.sbt, pre-compiled for Hadoop works.
  2. Run sbt assembly
  3. Run spark-submit --master local[1] --class target/.../stringoid-assembly....jar constants src/test/resources spark-out 0, or similar.

Create and run tests

  1. Create Java source tests and put them into the src/test/java/moretests directory. You can look at the file to see an example. To create a test, write a Java program that creates URLs in some interesting way. Then, if you want to check whether stringoid detects a URL "http://xxx" or "https://yyy", write somewhere (for example in the main method):
  • Assertions.shouldContainHttp("xxx");
  • Assertions.shouldContainHttp("yyy");

That is, don't include the "http://" or "https://" as part of the URL in the assertion. 2. To run the tests, you can use sbt test from your command line. If you're using an IDE, you can go to src/test/scala/com/ibm/stringoid/ConcatenationSpec.scala and run the tests directly from there (if you use IntelliJ, right-click the file and select "Run ConcatenationSpec"). Note the following:

  1. The tests will run an inter-procedural analysis.
  2. The analysis will not detect string concatenation with the "+" operator. To write "http://" + "", you can write anything like: - StringBuilder sb = new StringBuilder(); - sb.append("http://"); - sb.append(""); - String s = url.toString; - String s = new StringBuilder("http://").append("").toString;
  3. The analysis will create an acyclic control-flow graph. Here is one consequence: consider the program
StringBuilder sb = new StringBuilder("http://");
while (...) { sb.append(""); }

Stringoid will detect the URLs "http://", "", and "http://path", but not "". 4. Please make sure that the methods in which you construct URLs are reachable from the main method of the public class in the Java test file you're implementing.