You can download the tool from GitHub and the code also from GitHub.


AndroidArrow is a standalone spinoff, you can checkout AndroidArrow from the GitHub repository.



KREfinder finds incorrect or inconsistent handling of KR data. The analysis works on off-the-shelf Android apps (APKs) without requiring access to the app’s source code. It combines data- and control-flow analyses to automatically find potential KR errors in Android apps. Following are the steps to use the tool of KREfinder:

  1. Download the zip file of the tool from here. Extract the zip file and then get a directory named flowdroid
  2. Enter the directory of flowdroid Type command
    ./KREfinder apk-dir sdk-dir log.
    apk-dir is the directory containing all of your api files. sdk-dir is the directory of Android platform SDK. log is the log file name.
  3. Open the log file. Search “Bug Report” then you can see the bug report for each apk file. In the report, there are four types of errors for each apk: KR1,KR2,KR3 and KR4, which correspond to the error types in the paper. For each type of errors, the report lists related fields that may lose value after restart.
  4. Develop the UI-Callback mapping


In this tutorial we will show you how to achieve directed transitioning towards a particular point of interest inside the app. The approach works in the following way..

  • Identifying the target method to invoke
  • Creating method transition list
  • Identifying GUI related callbacks
  • Develop the UI-Callback mapping

In the following figure we are showing the overview of our approach

Overview KREReproducer

How to run KreReproducer?

  1. Checkout AndroidArrow (Standalone spinoff) here
  2. The used version of Redexer can be found here
  3. The version of Gator used in this project can be found on,
  4. Checkout Redexer from here . Skip if you are using the original version.
  5. Downlaod Gator from here . Skip if you are using the original version.
  6. Set your environmental variables [GATOR_PATH, REDEXER_PATH, adk_path] to reflect Gator, Redexer, and Android SDK home directory paths.
  7. Execute as follwoing
    ./ apkname.apk targetClassName targetMethodName
  8. The output will be saved in the same directory with the name apkname_arrow.xml

A sample output is shown below for the App Audalyzer. This shows the sequence of events in XML format to trigger a particular target method boolean onOptionsItemSelected(android.view.MenuItem) from org.hermit.audalyzer.Audalyzer class:

Sample Output

Here the Activity node shows the activity which is responsible for triggering the target.The View node represents the id and resource name of the GUI control along with the type. The EventAndHandler node under its parent view bears the information of the particular event that was actually triggered by invoking associated handler to maintain the input sequence.