reddit hackernews mail facebook facebook linkedin


Static analysis framework built in house to do security vetting for Android applications.

It has the capability to perform comprehensive, efficient and highly precise Inter-component data flow analysis.

It provides the ability to:
- Parsing Jawa codes.
- Load information from jar file and class file.
- Build AST for jawa records (classes) and procedures (methods).
- Resolving class hierarchy and class elements overwritten relationship.
- Resolving virtual method invocation.

It can conduct/build:
- Call Graph
- Reaching Definition Analysis
- Points-to Analysis
- Monotonic Data Flow Analysis,
- Reaching Facts Analysis
- Intra-/Inter- procedural Control Flow Graph
- Intra-/Inter- procedural Data Flow Graph
- Data Dependence Analysis
- Taint Analysis
- Side Effect Analysis