How useful are existing monitoring languages for securing Android apps?

Eric | January 28, 2013

Android

… if you think that’s an interesting question, then you might be interested in reading our latest publication. We have studied four existing languages for code instrumentation. The main selection criterion was that there was at least a somewhat stable implementation available. We also ruled out tools such as TaintDroid, which do not provide a language frontend.

Specifically, we investigated JavaMOP, Tracematches, DFlow Pointcuts and PQL. As we found out, all have their little problems, and no such language is ideally suited for the task.