FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications. Unlike many other static-analysis approaches for Android, FlowDroid aims for an analysis with very high recall and precision. To achieve this goal, two main challenges were addressed: increasing precision by building an analysis that is context-, flow-, field- and object-sensitive, and increasing recall by creating a complete model of Android’s app lifecycle. The analysis is based on Soot and Heros, utilizing a precise callgraph for flow- and context-sensitivity, and IFDS-based flow functions for field- and object-sensitivity. An accurate and efficient alias search is crucial for context-sensitivity in conjunction with field-sensitivity.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A technology lookup and lead generation tool that identifies the technology stack of any website and provides features for market research, competitor analysis, and data enrichment.
A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
SearchCode is an extensive code search engine that indexes 75 billion lines of code from millions of projects to help developers find coding examples and libraries.
APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.
QIRA is a competitor to strace and gdb with MIT license, supporting Ubuntu and Docker for wider compatibility.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A tool for detecting capabilities in executable files, providing insights into a program's behavior and potential malicious activities.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.