On Tue, Jun 5, 2012 at 10:44 PM, Kristopher Micinski <krismicinski@gmail.com> wrote:
Of potential interest along this same line is Stowaway,
http://android-permissions.org/
It's analysis, while necessarily static, seems to work quite well, for
the perhaps uninteresting cases..
And of course, as Chris points out, you can imagine situations where
the user constructs intents using strings input by the user, but in
practice, you're almost never going to see a string for an intent
object that can't be reconstructed by using some global constant
propagation. The exception to this case is when you have some strange
RPC sharing pattern, but I've never seen that. In these cases any
analysis will simply fail, and usually error on the side of caution,
telling you you do in fact need the permission..
kris
On Wed, Jun 6, 2012 at 1:40 AM, Kristopher Micinski
<krismicinski@gmail.com> wrote:
> On Wed, Jun 6, 2012 at 1:17 AM, Chris Stratton <cs07024@gmail.com> wrote:
>> On Jun 5, 7:29 pm, Kristopher Micinski <krismicin...@gmail.com> wrote:
>>> >> Is there any way to retrieve the Intents used by intalled apps on the
>>> >> phone? For example, how do I know that one app could send an Intent to
>>> >> invoke Camera app or Email app or Text Message app?
>>
>>> But you could track this in the system, of course, which is what I
>>> assume the OP wanted to do..
>>
>> Well, you can't really detect the potential (how do I know that one
>> app "could") due to the potential crossovers between inputs, data, and
>> code represented by things like intent objects and reflection.
>>
>
> I spend a fair amount of time in research on static analysis of
> permissions in Android apps doing exactly this, ;-)...
>
> A number of other systems try to do the same..
> http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.148.2511
>
>> You can however detect the actual attempt as it occurs, to a degree by
>> watching the logs, and more substantially by modifying the platform to
>> in effect breakpoint Intent sending.
>>
>
> Right, I think that's what I said, isn't it? I don't think I
> mentioned potential, just dynamically, which is, as I said, what I
> interpreted the OP to mean...
>
> kris
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
Dianne Hackborn
Android framework engineer
hackbod@android.com
Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
No comments:
Post a Comment