Tim Lange

> Would this result in 1 or 2 leaks? Would foo's argument be unconditionally tainted at the top of the function call, or would there just be a summary edge...

> I don't have any SINK definitions as I am not sure where the information is used. FlowDroid does one pass over all reachable methods and checks whether there is...

I've seen the same error log within a Kotlin app using the `contentDeepToString()` method. The example in the [docs](https://kotlinlang.org/api/latest/jvm/stdlib/kotlin.collections/content-deep-to-string.html) is sufficient to trigger the error, so this might be useful...

A Kotlin app contains the code of the standard library and at least for the reproducer, it uses internally the Java Standard Library. Thus, you shouldn't need extra summaries for...

I believe your source sink file doesn't match what you want to do. In your example, `$r8` is derived from the zero fact at `SecretKeySpec: void (...)`. There is no...

Of course, that should be possible.

> How would I go around doing that? I did not find any examples while looking at the SourcesAndSinks files included in the repo. That cannot be expressed via configuration...

If you lose taints over library calls, it might be due to the called class containing the method being phantom (aka Soot found references to the class but couldn't find...

FlowDroid only looks for sources in the reachable methods. Either the method isn't reachable or Soot incorrectly thinks the method is unreachable. As a first try, you could use CHA...

> Hello, I encountered the same problem. Did you manage to solve it later? I have fixed a problem with button callbacks some time ago that only occurred when the...