Steven Arzt

Thank you for the positive feedback on FlowDroid. Obtaining all paths between a source and a sink is a non-trivial problem. Let's take the following code: ``` void main() {...

Since there has not been any further activity on this issue, I assume that the question has been answered to the satisfaction of the original author.

You can do this with Soot alone by just loading the APK, iterating over the classes in the scene, iterating over all methods in the scene, and checking whether a...

Since there has not been any further activity on this issue, I assume that the question has been answered.

This is an annoying problem. The person who maintained this component at UPB has left and Maven Central keeps asking that he confirms granting access to whoever wants to continue...

In the output, we report the sink statement together with the method that contains the sink statement. That's the semantics of ``in``. The given method will not appear in the...

That was a misunderstanding. There is a call site in your code where youu invoke ``getDeviceId``. There is no outgoing edge from this call site to the ``getDeviceId`` method since...

Correct. However, you can't directly call the constructor for the ``TelephonyManager`` class in Android, it's only accessible via the factory method.

You're confusing data flow with control flow. FlowDroid reports data flows, so you have a sink statement inside a method, where the statement is the sink. That's the word "in"....

The call graph is independent from the data flow analysis. Whether there is an incoming edge to a callee in the callgraph has nothing to do with whether this method...