StubDroid – Library Summaries for Android

StubDroid is a tool for automatically generating summarized models of the Android framework and other Java-based libraries for use in information flow analyses. Instead of analyzing the library anew for every target program or modeling library behavior by hand, the StubDroid summaries need to be created only once and can then be applied to an arbitrary number of analyses.

Summaries are concise and abstract away from the concrete implementation of the library. This allows client analyses to focus on the actual target of the analysis without having to analyze the same (usually huge) library code over and over again.

StubDroid is fully automated. This relieves the analysis designer from having to manually investigate library behavior in the code or documentation, as most existing approaches require. No human intervention is required for computing the summaries.

For dynamic taint analyses, tools such as StubDroid are even required, since the library code usually cannot be instrumented or replaced. Its behavior must therefore be modeled precisely on the client side. StubDroid provides such summaries.

StubDroid and the summaries generated for the Oracle JDK and the Android framework are available on GitHub as an open-source project based on Soot and FlowDroid: https://github.com/secure-software-engineering/soot-infoflow-summaries