HTDroid is a protype system for detecting privacy leaks in Android hybrid apps based on dynamic taint tracking. More details about HTDroid can be found in the technical report.
##HTDroid System Architecture
HTDroid System is implemented based on TaintDroid
and realizes the dynamic taint tracking function in WebKit Engine
and JavaScript Engine
.
Code Project Name | Comments |
---|---|
libnativehelper | Modified the JNI header file |
dalvik VM | Add GetStringTaint Function |
WebKit Engine | Tracking String Taint Tag |
JavaScript Engine | Store String Taint Tag and Tracking taint propagation |
##How To Build!
- Build TaintDroid 4.3_r1 following the instruction here.
##HTDroid Limitations
- Currently HTDroid System only supports tracking the String data following from Dalvik VM to WebKit Engine and JavaScript Engine.