PATDroid Collection of Tools And Data Structures For Analyzing Android Applications

PATDroid Collection of Tools And Data Structures For Analyzing Android Applications 

PATDroid is a collection of tools and data structures for analyzing Android applications and the system itself. We intend to build it as a common base for developing novel mobile software debugging, refactoring, reliability/security tools. 

We also collect various resources, links, related papers and tips for various innovative Android program analysis tasks.

Packages

Here is a one-sentence description for each package. Find the detailed usage tutorials on our wiki by clicking on the package name. PATDroid requires Java6. It goes well with Oracle/OpenJDK 1.6, 1.7, Dalvik (Yes, you can run it on a smartphone). We provide gradle, Intellij IDEA and Eclipse support for the project.

• patdroid.core: provide abstractions for method, class, field, and primitive Java type values
• patdroid.permission: specify what Android permissions are needed by every Android APIs
• patdroid.fs: an emulated Android file system
• patdroid.dalvik: Android Dalvik JVM instructions and representations
• patdroid.smali: using SMALI to extract classes, methods, fields and instructions from an APK

According to our blueprint, we plan to release the following components one by one in the near future:

• patdroid.dex2jar: using dex2jar to extract classes, methods, fields and instructions from an APK
• patdroid.manifest: the model for AndroidManifest.xml and Android components such as activity, service, broadcast receivers
• patdroid.sdk: modeling different Android API levels
• patdroid.taint: sources, sinks and taint propagation support for taint analysis
• patdroid.lifecycle: modelling the life cycles for important Android components
• patdroid.layout: understanding layout.xml
• patdroid.soot: my tribute to Sable's Soot. I learned a lot from attending Sable's seminars held at McGill McConnell 2rd floor

Using PATDroid

PATDroid uses Apache License 2.0. Additionally, if you intend to use it in academic work, please cite our paper:

@inproceedings{appaudit,
 author = {Mingyuan Xia and Lu Gong and Yuanhao Lyu and Zhengwei Qi and Xue Liu},
 title = {Effective Real-time Android Application Auditing},
 booktitle = {Proceedings of the 2015 IEEE Symposium on Security and Privacy},
 series = {SP '15},
 year = {2015},
 publisher = {IEEE Computer Society},
} 

History and Philosophy

PATDroid was part of AppAudit, which is a security tool that checks if an Android app leaks personal data. You can find out more details from our S&P'15 paper. We make part of AppAudit public to be useful to researchers and developers. Overall, we try to make the entire project

1. concise (with fewer abstractions as possible such that users wont feel like searching a needle in the ocean)
2. properly documented (javadoc, and wiki tutorial)
3. loosely coupled (packages trying to be self-contained)
4. efficient (graduate students need life with bf/gf not with computers)
5. look like good code

Download