FlowDroid is our taint analysis tool to automatically scan Android applications for privacy-sensitive data leaks. While we have already shown FlowDroid to be highly precise and effective for explicit data flows through assignments and method calls, the tool now also supports the detection of leaks through control-flow dependencies. This protects against malware trying to disguise data flows through conditionals. If an app for instance does not directly send out the number 123, but sends 123-times the word “hello”, the attacker gains the same information as if the app had directly sent the value directly. The new version of FlowDroid derives that the “hello” message depends on the secret numeric value and therefore treats it as a leak as well though the data being sent does not directly contain any sensitive characters. To use this support for implicit flow, check out the develop branch on GitHub.
The feature can be activated using the “–implicit” option in the command-line tool or by programatically calling “Infoflow.setEnableImplicitFlows(true)”.