How to run program

  1. Run main class in VulnerabilityDetector.java
    • usage: VulnerabilityDetector
  2. Collect output from /output.json

Project Structure

/AndroidApplications
- vulnerable android APK, decompressed APK, src
/lib
- vulnerability detector dependencies
/preprocess
- some useful tools for preprocessing APK before doing analysis
/src
- source files for vulnerability detector
/tools
- WALA method signature tool (provided by Professor Lie)
/vulnerabilities
- simple vulnerabilities apk containing only the vulnerabilities
build.gradle
- gradle script (use build.sh to build project)
build.sh
- calls gradle and build project
run.sh
- runs project, first argument is the decompressed apk location
cleanProject.sh
- cleans out all build and output files from project

Intellij Configuration

  1. Mark src folder as src
  2. Mark lib/wala folder as lib
  3. Create Run/debug Configuration
  4. Add Application
    -Name: VulnerabilityDetector
    -Main class: VulnerabilityDetector
    -Use classpath of module: AndroidSecurity

Gradle Configuration

  1. run build.sh
  2. run run.sh