Steven Arzt

If you don't enable the option to merge the dex files, only the first DEX file ``classes.dex`` is analyzed. All other code, e.g., ``classes2.dex`` is ignored. If there is less...

Please provide the APK file.

I can confirm that the callgraph analysis does not termine in a reasonable timeframe, even if you give it a lot of memory. I tried with 128 GB. The problem...

``getIntent`` is a special case, because we handle inter-component communication explicitly through call graph edges between methods such as ``startActivity`` and the lifecycle of the receiver activity. The ``getIntent`` method...

Have you tried the ``SummaryTaintWrapper`` rather than the ``EasyTaintWrapper``? With the summaries from the ``summariesManual`` folder, the example should work.

The ``FastCallbackAnalyzer`` is indeed a hack. Our default callback handler iteratively creates a model for reachable callbacks. It starts with the lifecycle methods of the Android components, looks for registered...

That should be fairly easy. You need to declare the ``logger.error`` method (and all the other logger methods, same thing for ``info`` etc.) as sinks, and all untrusted inputs as...

FlowDroid uses slf4j as an abstraction layer. You can have any logging backend. By default, we do not bundle log4j.

This is a semantic change and will break our build chain which relies on the old behavior. It's fine to check both paths (with and without the appended subdirectory), but...

Can you elaborate what the problem is? The OutFlowActivity class sends an intent with the action "edu.mit.icc_action_string_operations.ACTION". There is a filter for exactly this string in the manifest for the...