DIDFAIL (Droid Intent Data Flow Analysis for Information Leakage)

Note:

Current versions of DidFail:

These versions of DidFail use newer versions of Soot and FlowDroid. They have a much higher success rate (than the SOAP 2014 version of DidFail) on the DEX conversion for real-world apps.

The most recent branches are the Static Fields branch and the Services and BroadcastReceivers branch, which are both based off the Improved DEX Conversion branch (Nov 2014). In the future, these two branches will be merged, with an option to turn static field analysis (which is computationally intensive) on and off.

If the Java VM dies with an "insufficient memory" error, try raising max_mem or lowering the heap size ("-Xmx" option) in ~/didfail/cert/paths.local.

Questions about DidFail should be addressed to Will Klieber and Lori Flynn (see paper for email addresses).

Links: