SCanDroid is a platform for building static analyses on Dalvik bytecode, with a particular focus on tracking dataflow. Android’s application model is designed to encourage applications to share their code and data with other applications. While such sharing can be tightly controlled with permissions, users generally cannot determine what applications will do with their data, and therefore cannot decide which permissions those applications should run with. SCanDroid facilitates reasoning about the security of Android apps. Its analysis is modular, which allows applications to be checked incrementally as they are installed on an Android device. It extracts security specifications from the manifests that accompany such applications, and checks whether the data flows through those applications are consistent with those specifications.
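A simplified sketch of the manifest-versus-flow check described above, added here as an illustration and not SCanDroid's own code. The manifest, the flow list, the function names and the consistency rule (guarded data must not land in an exported provider readable under a different or no permission) are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not taken from any real app).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <provider android:name=".SharedProvider" android:exported="true"
              android:authorities="com.example.notes.shared"/>
    <provider android:name=".GuardedProvider" android:exported="true"
              android:authorities="com.example.notes.guarded"
              android:readPermission="android.permission.READ_CONTACTS"/>
  </application>
</manifest>"""

# Constructed flows standing in for a dataflow analysis result (assumption):
# (permission guarding the source, authority of the provider the data is written to).
FLOWS = [
    ("android.permission.READ_CONTACTS", "com.example.notes.shared"),
    ("android.permission.READ_CONTACTS", "com.example.notes.guarded"),
]

def extract_spec(manifest_xml):
    """Return (requested permissions, {exported provider authority: read permission or None})."""
    root = ET.fromstring(manifest_xml)
    uses = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    providers = {}
    for p in root.iter("provider"):
        if p.get(ANDROID + "exported") != "true":
            continue  # simplification: only explicitly exported providers count
        # android:readPermission takes precedence over the general android:permission
        read = p.get(ANDROID + "readPermission") or p.get(ANDROID + "permission")
        providers[p.get(ANDROID + "authorities")] = read
    return uses, providers

def check_flows(manifest_xml, flows):
    """Return flows that put permission-guarded data where a reader needs a different or no permission."""
    uses, providers = extract_spec(manifest_xml)
    violations = []
    for src_perm, sink in flows:
        if src_perm not in uses:
            continue  # the app cannot read this source, so the flow is infeasible
        if sink in providers and providers[sink] != src_perm:
            violations.append((src_perm, sink, providers[sink]))
    return violations
```

With the sample data, only the flow into the unguarded `com.example.notes.shared` provider is reported; the flow into the provider that requires `READ_CONTACTS` to read is consistent with the manifest.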


Current Former
Jeff Foster (University of Maryland)
Iulian Neamtiu (University of California, Riverside)
Steve Suh (University of California, Riverside)
Avik Chaudhuri (University of Maryland)
Adam Fuchs (University of Maryland)
Aaron Tomb (Galois, Inc)
Rogan Creswick (Galois, Inc)
Adam Foltzer (Galois, Inc)