Droid Intent Data Flow Analysis for Information Leakage (DidFail)

Droid Intent Data Flow Analysis for Information Leakage (DidFail) is an analysis method designed to identify and expose potential data leaks within Android applications. The method helps developers learn secure coding practices and, in turn, produce robust mobile applications that are tougher to crack. More and more leading organizations worldwide are introducing DidFail into their environments to enhance mobile application security.

DidFail combines the functions of two separate processes:

  • FlowDroid: detects intra-component data flows.
  • Epicc: detects action strings and other properties of intents.

The combination of these two processes allows developers to track both intra-component and inter-component information flow within the specified Android applications.

The DidFail analysis process

The DidFail analysis process can be broken down into two stages.

  • Data flows from each individual application are identified and the conditions which enable these data flows are determined.
  • The results are then enumerated in order to pinpoint malicious code, coding errors and vulnerabilities within the applications.
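A toy model of the two stages described above, as an added example that is not part of the original page and is not DidFail's own code: per-component flows and intent filters stand in for the first stage's results, and `stitch` enumerates the end-to-end flows they enable. The component names, action strings, the `INTENT_IN` marker and the `stitch` function are assumptions made for illustration.

```python
# Toy model of the two-stage process; added illustration, not DidFail's code.
# Every component name, action string and flow below is constructed sample data.
from collections import defaultdict

INTENT_IN = "Intent(received)"  # assumed marker: data read from an incoming intent

# Stage 1 result: per-component (source, sink) flows. A sink of the form
# ("send", action) means the data leaves in an intent with that action string.
FLOWS = {
    "AppA.Reader": [("getDeviceId", ("send", "com.example.SHARE"))],
    "AppB.Relay": [(INTENT_IN, ("send", "com.example.UPLOAD"))],
    "AppC.Sender": [(INTENT_IN, "sendTextMessage"),
                    ("getLastKnownLocation", "Log.i")],
}
# Intent properties: the action strings each component's filter accepts.
FILTERS = {
    "AppB.Relay": {"com.example.SHARE"},
    "AppC.Sender": {"com.example.UPLOAD"},
}

def stitch(flows, filters):
    """Stage 2: propagate taint across intents until nothing changes.
    Returns {(original source, final sink, component path)}."""
    incoming = defaultdict(set)  # component -> {(source, path)} arriving by intent
    leaks, changed = set(), True
    while changed:
        changed = False
        for comp, comp_flows in flows.items():
            for src, sink in comp_flows:
                origins = set(incoming[comp]) if src == INTENT_IN else {(src, ())}
                for origin, path in origins:
                    if comp in path:  # already visited: stop intent loops
                        continue
                    here = path + (comp,)
                    if not isinstance(sink, tuple):
                        leaks.add((origin, sink, here))
                        continue
                    for rcv, actions in filters.items():
                        if sink[1] in actions and (origin, here) not in incoming[rcv]:
                            incoming[rcv].add((origin, here))
                            changed = True
    return leaks

if __name__ == "__main__":
    for source, sink, path in sorted(stitch(FLOWS, FILTERS)):
        print(f"{source} -> {sink} via {' -> '.join(path)}")
```

No single component in the sample connects the device ID to the SMS sink; the flow only appears once the per-component results are joined through matching action strings.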

DidFail is available for download as either source code or a binary. For more information about the analysis process, see the SOAP 2014 workshop, Android Taint Flow Analysis for App Sets, and Precise Static Analysis of Taint Flow for Android Application Sets.


tal
