SCanDroid is a platform for building static analyses on Dalvik bytecode,
with a particular focus on tracking dataflow.
Android’s application model is designed to
encourage applications to share their code and data with
other applications. While such sharing can be tightly controlled with permissions, in general users cannot determine
what applications will do with their data, and thereby cannot decide what permissions such applications should run
with. SCanDroid facilitates reasoning about the security of Android apps.
SCanDroid’s analysis is modular to allow incremental checking of applications as they are installed on
an Android device. It extracts security specifications from
manifests that accompany such applications, and checks
whether data flows through those applications are consistent with those specifications.
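
The manifest-then-flow check described above, as an added illustration that is not SCanDroid's own code or policy format. It assumes a simplified rule (a sink must require at least the read permissions of the source); the manifest, the component names and the flow list are constructed, and in SCanDroid the flows would come from the bytecode analysis rather than a hand-written list.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for illustration (not from a real app).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <application>
    <provider android:name=".NotesProvider" android:exported="true"
              android:readPermission="com.example.notes.READ"
              android:writePermission="com.example.notes.WRITE"/>
    <provider android:name=".CacheProvider" android:exported="true"/>
  </application>
</manifest>"""

# Constructed (source, sink) flows standing in for dataflow analysis output.
FLOWS = [
    (".NotesProvider", ".NotesProvider"),
    (".NotesProvider", ".CacheProvider"),
    (".CacheProvider", ".NotesProvider"),
]


def extract_specs(manifest_xml):
    """Map each provider to the set of permissions required to read it."""
    root = ET.fromstring(manifest_xml)
    specs = {}
    for prov in root.iter("provider"):
        name = prov.get(ANDROID + "name")
        # readPermission takes precedence over the general android:permission.
        guard = prov.get(ANDROID + "readPermission") or prov.get(ANDROID + "permission")
        specs[name] = frozenset([guard]) if guard else frozenset()
    return specs


def check_flows(specs, flows):
    """Return flows whose sink can be read without a permission the source requires."""
    violations = []
    for src, dst in flows:
        # Assumed rule: permissions guarding the source must also guard the sink.
        missing = specs[src] - specs[dst]
        if missing:
            violations.append((src, dst, sorted(missing)))
    return violations


if __name__ == "__main__":
    for src, dst, missing in check_flows(extract_specs(MANIFEST), FLOWS):
        print(f"{src} -> {dst}: sink readable without {missing}")
```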