The Soot-Based Toolchain for Analyzing Android Apps

Due to the quality and security requirements that come with an always-on mobile device processing large amounts of highly sensitive information, Android apps are an important target for automated program analysis. Yet, research on new approaches in this field often requires a significant amount of work to be spent on engineering tasks that are not central to the concrete research question at hand. These programming and debugging tasks can significantly delay the progress of the field. We therefore argue that research in the field greatly benefits from having a universal platform of readily usable components and well-tested fundamental algorithms on top of which researchers can build their own prototypes. Besides decreasing the required engineering effort for each new piece of research, such a platform also provides a base for comparing different approaches within one uniform framework, thereby fostering comparability and reproducibility. In this paper, we present the Soot framework for program analysis and various highly integrated open-source tools and components built on top of it that were designed with re-usability in mind. These artifacts are already at the core of many research and commercial projects worldwide. Due to the shared platform, results from one tool can not only be used as inputs for the others, but individual data objects can be passed around to form one large API with which one can build new research prototypes with ease.