DidFail (Droid Intent Data Flow Analysis for Information Leakage) uses static analysis to detect potential leaks of sensitive information within a set of Android apps. DidFail combines and augments FlowDroid (which identifies intra-component information flows) and Epicc (which identifies properties of intents, such as their action strings) to track both inter-component and intra-component data flow in a set of Android applications. DidFail's two-phase analysis allows for fast user-response time by using precomputed phase-1 analysis results.

The two phases of DidFail are

  1. Given a set of applications, we first determine the data flows enabled individually by each application, and the conditions under which these are possible.
  2. We then build on these results to enumerate the potentially dangerous data flows enabled by the set of applications as a whole.
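The following is an added, simplified model of how phase-2 composition builds on per-app phase-1 results; it is not DidFail's own code or output format. Phase-1 summaries are hand-constructed, and intent resolution is reduced to matching action strings against declared filters (a simplifying assumption; real intent resolution also considers categories and data).

```python
from dataclasses import dataclass
from typing import List, Set, Tuple
INTENT_IN = "intent_in"          # taint entering a component via a received intent

@dataclass
class AppSummary:
    """Constructed stand-in for a DidFail phase-1 result: per-app flows plus
    the intent actions the app's components accept (simplified model)."""
    name: str
    flows: List[Tuple[str, str]]  # (source, sink); sink 'intent:<ACTION>' = outgoing intent
    filters: Set[str]             # action strings the app declares intent filters for

def phase2(apps: List[AppSummary]) -> Set[Tuple[str, str, Tuple[str, ...]]]:
    """Compose per-app flows into app-set flows: a tainted intent send in one app
    continues in every app whose filter matches the action, and that app's flows
    from INTENT_IN carry the taint onward. Returns (source, sink, app path)."""
    receivers = {}
    for app in apps:
        for action in app.filters:
            receivers.setdefault(action, []).append(app)
    results = set()
    def walk(app, source, sink, path):
        if not sink.startswith("intent:"):            # a real sink was reached
            results.add((source, f"{app.name}:{sink}", path))
            return
        action = sink.split(":", 1)[1]
        for rcv in receivers.get(action, []):
            if rcv.name in path:                       # avoid intent ping-pong loops
                continue
            for src, snk in rcv.flows:
                if src == INTENT_IN:
                    walk(rcv, source, snk, path + (rcv.name,))
    for app in apps:
        for src, snk in app.flows:
            if src != INTENT_IN:                       # start only from real sources
                walk(app, f"{app.name}:{src}", snk, (app.name,))
    return results

# Constructed sample app set (not real apps): Locator sends location in an intent,
# Relay forwards whatever it receives, Uploader and Logger consume it.
SAMPLE_APPS = [
    AppSummary("Locator", [("getLastKnownLocation", "intent:com.example.SHARE")], set()),
    AppSummary("Relay", [(INTENT_IN, "intent:com.example.FWD")], {"com.example.SHARE"}),
    AppSummary("Uploader", [(INTENT_IN, "openConnection")], {"com.example.FWD"}),
    AppSummary("Logger", [(INTENT_IN, "Log.d"), ("getDeviceId", "Log.d")], {"com.example.SHARE"}),
]

if __name__ == "__main__":
    for flow in sorted(phase2(SAMPLE_APPS)):
        print(flow)
```

Because the per-app summaries are computed once, adding or removing an app only reruns this cheap composition step, which is the source of the fast user-response time mentioned above.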

The most recent enhancements made to DidFail are described in the technical report, Making DidFail Succeed: Enhancing the CERT Static Taint Analyzer for Android App Sets. Our most recent blog post about DidFail, An Enhanced Tool for Securing Android Apps, explains how an enterprise system could incorporate DidFail into its IT systems and describes the DidFail improvements we are currently working on. Our initial paper, Android Taint Flow Analysis for App Sets (from the SOAP 2014 workshop), describes our analysis method, implementation, and experimental results. The initial analyzer is described in extended detail in Amar Bhosale's Master's thesis, Precise Static Analysis of Taint Flow for Android Application Sets.

DidFail is freely available. Read the instructions for downloading and building all versions from the source code. The instructions also include a pointer to an older, binary version of DidFail.