<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:DengXian;
        panose-1:3 0 5 9 0 0 0 0 0 0;}
@font-face
        {font-family:"MS UI Gothic";
        panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
        {font-family:"\@MS UI Gothic";
        panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
        {font-family:"\@DengXian";
        panose-1:3 0 5 9 0 0 0 0 0 0;}
@font-face
        {font-family:"\@SimSun";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        text-align:justify;
        font-size:10.5pt;
        font-family:DengXian;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:SimSun;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Sprechblasentext Zchn";
        margin:0cm;
        margin-bottom:.0001pt;
        text-align:justify;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.E-MailFormatvorlage18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
span.SprechblasentextZchn
        {mso-style-name:"Sprechblasentext Zchn";
        mso-style-priority:99;
        mso-style-link:Sprechblasentext;
        font-family:"Tahoma","sans-serif";}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple style='text-justify-trim:punctuation'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Hi Young,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The second data flow that was missed is an implicit flow. There is no sequence of direct assignments between source and sink. Instead, the value that  arrives at the sink is control-dependent on the value obtained from the source. By default, FlowDroid does not track such dependencies. If you need to, you can enable implicit flow tracking using the --implicit command-line option. This will, however, increase the runtime and memory consumption of your analysis.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Additionally, for real-world apps, you will get a lot of additional flows as this definition of a data flow is very broad.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>  Steven<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal align=left style='text-align:left'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Von:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> XiaoYang [mailto:yangx92@hotmail.com] <br><b>Gesendet:</b> Dienstag, 8. Dezember 2015 15:14<br><b>An:</b> Steven Arzt; 'soot-list@CS.McGill.CA'<br><b>Betreff:</b> </span><span style='font-size:10.0pt;font-family:"MS UI Gothic","sans-serif"'>答复</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>: [Soot-list] print the path from source(s) to sink(s) found by flowdroid<o:p></o:p></span></p></div></div><p class=MsoNormal align=left style='text-align:left'><o:p>&nbsp;</o:p></p><p class=MsoNormal><b><span lang=EN-US style='color:black;mso-fareast-language:ZH-CN'>Hi Steven,</span></b><b><span lang=EN-US style='font-size:11.0pt;color:black;mso-fareast-language:ZH-CN'><o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='color:black;mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black;mso-fareast-language:ZH-CN'>I appended </span></b><b><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>“—pathalgo contextsensitive” to command line. It showed more information than before. However, it lost some information. <o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>For example, below is the android application code snippets.<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&gt;&gt;&gt;<o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; protected void onRestart(){<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; super.onRestart();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EditText usernameText =<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (EditText)findViewById(R.id.username);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; EditText passwordText =<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; (EditText)findViewById(R.id.pwdString);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String uname = usernameText.getText().toString();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;String pwd = passwordText.getText().toString();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if(!uname.isEmpty() &amp;&amp; !pwd.isEmpty())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; this.user = new User(uname, pwd);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; }<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp; //Callback method defined in xml file<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp; public void sendMessage(View view) throws UnsupportedEncodingException{<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if(user == null) return;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Password pwd = user.getpwd();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String pwdString = pwd.getPassword();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String obfPwd = &quot;&quot;;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; //must track primitives<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; for(char c : pwdString.toCharArray())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; obfPwd += c + &quot;_&quot;;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String message = &quot;User: &quot; +<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; user.getName() + &quot; | PWD: &quot; + obfPwd;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String message_base64 = Base64.encodeToString(message.getBytes(),Base64.DEFAULT);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; SmsManager sms = SmsManager.getDefault();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sms.sendTextMessage(&quot;+86 12345678901&quot;,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; null, message_base64, null, null); //pwd_str+uname_str<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp; }<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>&gt;&gt;&gt;<o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>I run the flowdroid with options</span></b><b><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>“</span></b><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>--pathalgo contextsensitive --implicit true -aplength 15</span></b><b><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>”</span></b><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>.<o:p></o:p></span></b></p><p><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>Following is the information given by flowdroid.<o:p></o:p></span></b></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>&gt;&gt;&gt;<o:p>&nbsp;</o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>The sink virtualinvoke $r9.&lt;android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)&gt;(&quot;+86 12345678901&quot;, null, $r5, null, null) on line 49 in method &lt;com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)&gt; was called with values from the following sources:</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>- - $r1 = virtualinvoke $r0.&lt;com.example.leakpasswd.MainActivity: android.view.View findViewById(int)&gt;(2131230724) on line 26 in method &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>on Path:</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; $r1 = virtualinvoke $r0.&lt;com.example.leakpasswd.MainActivity: android.view.View findViewById(int)&gt;(2131230724)</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; $r3 = (android.widget.EditText) $r1</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; $r4 = virtualinvoke $r3.&lt;android.widget.EditText: android.text.Editable getText()&gt;()</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; $r6 = interfaceinvoke $r4.&lt;android.text.Editable: java.lang.String toString()&gt;()</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; $z0 = virtualinvoke $r6.&lt;java.lang.String: boolean isEmpty()&gt;()</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; if $z0 != 0 goto return</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; $r0.&lt;com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user&gt; = $r7</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void onRestart()&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; return</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;dummyMainClass: void dummyMainMethod(java.lang.String[])&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; virtualinvoke $r1.&lt;com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)&gt;($r3)</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; $r2 = $r0.&lt;com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; if $r2 != null goto $r2 = $r0.&lt;com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; &lt;com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>-&gt; virtualinvoke $r9.&lt;android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)&gt;(&quot;+86 12345678901&quot;, null, $r5, null, null)</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>&gt;&gt;&gt;<o:p>&nbsp;</o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>The flowdroid did not track code below. <o:p></o:p></span></b></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>&gt;&gt;&gt;<o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; for(char c : pwdString.toCharArray())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; obfPwd += c + &quot;_&quot;;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String message = &quot;User: &quot; +<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; user.getName() + &quot; | PWD: &quot; + obfPwd;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:black;mso-fareast-language:ZH-CN'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; String message_base64 = Base64.encodeToString(message.getBytes(),Base64.DEFAULT);<o:p></o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'>&gt;&gt;&gt;<o:p>&nbsp;</o:p></span></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>Is there solution to handle this?<o:p></o:p></span></b></p><p><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>Grate thanks!!<o:p></o:p></span></b></p><p><b><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></b></p><p><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>Young<o:p></o:p></span></b></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US style='mso-fareast-language:ZH-CN'><br></span><b><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>发件人</span></b><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>: </span></b><span lang=EN-US style='mso-fareast-language:ZH-CN'>Steven Arzt<br></span><b><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>发送时间</span></b><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>: </span></b><span lang=EN-US style='mso-fareast-language:ZH-CN'>2015</span><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>年</span><span lang=EN-US style='mso-fareast-language:ZH-CN'>12</span><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>月</span><span lang=EN-US style='mso-fareast-language:ZH-CN'>7</span><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>日</span><span lang=EN-US style='mso-fareast-language:ZH-CN'> 16:33<br></span><b><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>收件人</span></b><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>: </span></b><span lang=EN-US style='mso-fareast-language:ZH-CN'>'XiaoYang';'soot-list@CS.McGill.CA'<br></span><b><span lang=ZH-CN style='mso-fareast-language:ZH-CN'>主题</span></b><b><span lang=EN-US style='mso-fareast-language:ZH-CN'>: </span></b><span lang=EN-US style='mso-fareast-language:ZH-CN'>AW: [Soot-list] print the path from source(s) to sink(s) found by flowdroid</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;font-family:SimSun;mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:ZH-CN'>Hi Xiao,</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:ZH-CN'>That’s possible. You need to enable a path reconstruction algorithm that supports path reconstruction. If you are using the FlowDroid command-line application, just append “--pathalgo contextsensitive” to your command line. It will increase the runtime, though.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:ZH-CN'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:ZH-CN'>&nbsp; Steven<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri","sans-serif";color:#1F497D;mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal align=left style='text-align:left'><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:ZH-CN'>Von:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:ZH-CN'> <a href="mailto:soot-list-bounces@CS.McGill.CA">soot-list-bounces@CS.Mc<span lang=DE>Gill.CA</span></a></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:ZH-CN'> [<a href="mailto:soot-list-bounces@CS.McGill.CA">mailto:soot-list-bounces@CS.McGill.CA</a>] <b>Im Auftrag von </b>XiaoYang<br><b>Gesendet:</b> Sonntag, 6. Dezember 2015 04:55<br><b>An:</b> <a href="mailto:soot-list@CS.McGill.CA">soot-list@CS.McGill.CA</a><br><b>Betreff:</b> [Soot-list] print the path from source(s) to sink(s) found by flowdroid<o:p></o:p></span></p></div></div><p class=MsoNormal align=left style='text-align:left'><span style='font-size:11.0pt;mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>Hi all,</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>Suppose that I found there is information leak in android application by flowdroid. Could I print the path from source(s) to sink(s)?</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>Take an example. Below is the partial information given by flowdroid.</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>&gt;&gt;[main] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke $r10.&lt;android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)&gt;(&quot;+86 123456789&quot;, null, $r6, null, null) in method &lt;com.example.leakpasswd.MainActivity: void onCreate(android.os.Bundle)&gt; was called with values from the following sources:</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>&gt;&gt;[main] INFO soot.jimple.infoflow.Infoflow - - $r2 = virtualinvoke $r0.&lt;com.example.leakpasswd.MainActivity: android.view.View findViewById(int)&gt;(2131230722) in method &lt;com.example.leakpasswd.MainActivity: void onCreate(android.os.Bundle)&gt;</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>I want to get the path from findViewById to sendTextMessage. Is there a method to handle that? </span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>Great thanks!!</span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'>Young </span><span style='mso-fareast-language:ZH-CN'><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:ZH-CN'><o:p>&nbsp;</o:p></span></p></div></body></html>