[BlackHat tool] smalien: Information flow analysis tool for Android applications
smalien
Investigating how an application handles users’ privacy-sensitive information is essential for mobile security researchers to understand the behavior of the application and determine whether it is harmless or malicious. Our information flow analysis and information leakage detection tool, called SMALIEN, should be a good buddy when you start a journey of Android application analysis. Once you give an application to our tool, it understands the application thoroughly by executing static information flow analysis of Dalvik bytecode files extracted from the application. It performs not only static analysis but also dynamic analysis, implicit information flow detection, and privacy policy enforcement (PPE) at runtime by parasitizing the application. Smalien instruments additional bytecode to the application and the bytecode executes dynamic analysis when the application has launched on an Android device.
Smalien is an information flow analysis and information leakage detection tool for Android application analysts. Smalien performs static taint analysis of Android applications on a Linux machine as well as dynamic taint analysis, detection of information leakage due to implicit information flows, and privacy policy enforcement on an Android device at runtime.
Smalien has the following functions
- Analyzing an Android application statically and gathers information of classes, methods, variables, etc.
- Presenting the results of the analysis graphically such as a method call graph and an information flow diagram.
- Performing dynamic taint analysis on an Android device.
- Enforcing privacy policy specified by an analyst.
- Detecting information leakage due to implicit information flows.
- Logging actual information operated by any bytecode or API call, such as http request, at runtime to encourage an analyst in his/her inspection.
Install && Use
Copyright (C) 2019 h1nayoshi