Creating a Core Rule Set for Android Taint Analysis Tools
Context
Android applications often process sensitive data such as location, contacts, and authentication tokens. Ensuring that this information is not leaked or misused is a central challenge in mobile app security.
Taint analysis is a static or dynamic program analysis technique that tracks the flow of sensitive data (“tainted sources”) through a program to determine whether it reaches untrusted components (“sinks”). Several tools exist to perform taint analysis on Android applications, including FlowDroid, Mariana Trench, and Joern. Each has different capabilities, rule definitions, and performance characteristics.
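The source-to-sink tracking described above, as an added example that is not part of the original page: a minimal flow-sensitive taint pass over a constructed straight-line program. The rule format, the tuple-based program representation, the variable names and the simplified argument lists are assumptions for illustration; this is not the rule syntax of FlowDroid, Mariana Trench or Joern.

```python
# Added example: tool-neutral source/sink rules (hypothetical format).
RULES = {
    "sources": {  # method -> label of the sensitive data it returns
        "android.location.LocationManager.getLastKnownLocation": "location",
        "android.accounts.AccountManager.getAuthToken": "auth_token",
    },
    "sinks": {  # method -> kind of untrusted channel it writes to
        "android.util.Log.d": "log",
        "android.telephony.SmsManager.sendTextMessage": "sms",
    },
}

# Constructed program: (dest, callee, args); callee None means a plain copy.
PROGRAM = [
    ("loc", "android.location.LocationManager.getLastKnownLocation", ["provider"]),
    ("msg", "java.lang.String.valueOf", ["loc"]),
    ("text", None, ["msg"]),
    (None, "android.util.Log.d", ["tag", "text"]),            # leak: location -> log
    ("text", None, ["greeting"]),                             # overwritten, now clean
    (None, "android.telephony.SmsManager.sendTextMessage", ["number", "text"]),
    ("tok", "android.accounts.AccountManager.getAuthToken", ["account"]),
    (None, "android.telephony.SmsManager.sendTextMessage", ["number", "tok"]),  # leak
]


def find_leaks(program, rules):
    """Return (statement_no, source_label, sink_kind) for every tainted sink call."""
    taint = {}   # variable -> set of source labels currently reaching it
    leaks = []
    for no, (dest, callee, args) in enumerate(program, start=1):
        incoming = set().union(*(taint.get(a, set()) for a in args))
        if callee in rules["sinks"]:
            leaks += [(no, label, rules["sinks"][callee]) for label in sorted(incoming)]
        if callee in rules["sources"]:
            result = {rules["sources"][callee]}
        else:
            # Copies and unmodelled calls conservatively pass argument taint on.
            result = incoming
        if dest is not None:
            taint[dest] = result  # strong update: reassignment replaces old taint
    return leaks


if __name__ == "__main__":
    for no, label, sink in find_leaks(PROGRAM, RULES):
        print(f"statement {no}: {label} reaches {sink} sink")
```

Statement 6 is not reported because `text` was overwritten with an untainted value before the SMS call, which is the kind of precision difference a shared rule set makes comparable across tools.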