Using DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps

June 2015 • Presentation

William Klieber, Lori Flynn, Amar S. Bhosale (Carnegie Mellon Heinz School), Limin Jia (Carnegie Mellon University, Department of Electrical and Computer Engineering), Lujo Bauer (Carnegie Mellon University, Department of Electrical and Computer Engineering)

In this presentation, the authors describe how to use DidFail, a tool that detects potential leaks of sensitive information in Android apps.

Publisher:

CERT

Subjects

Secure DevelopmentSecure Development
Secure CodingSecure Coding

Abstract

In this presentation, the authors give an updated overview of the DidFail analyzer, plus describe how to install and run it, and provide detail about information in key output files. DidFail is a tool that detects potential leaks of sensitive information in sets of Android apps.