{"id":53386,"date":"2014-09-21T11:59:04","date_gmt":"2014-09-21T11:59:04","guid":{"rendered":"https:\/\/www.checkmarx.com\/?post_type=glossary&#038;p=9234"},"modified":"2024-05-28T09:55:08","modified_gmt":"2024-05-28T09:55:08","slug":"droid-intent-data-flow-analysis-for-information-leakage-didfail","status":"publish","type":"glossary","link":"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/","title":{"rendered":"Droid Intent Data Flow Analysis for Information Leakage (DidFail)"},"content":{"rendered":"<p>Droid Intent Data Flow Analysis for Information Leakage (DidFail) is an analysis method that is designed to identify and expose potential data leaks within Android applications. This methodology eventually helps developers learn about secure coding practices, eventually helping them to produce robust mobile applications that are tougher to crack. More and more leading organizations worldwide are introducing DidFail into their environments to enhance mobile application security.<br>\n<!--more--><br>\nDidFail utilizes the functions of two separate processes:<\/p>\n<ul>\n<li><b>FlowDroid<\/b>: detects intra-component data flows.<\/li>\n<li><b>Epicc<\/b>: detects action strings and other properties of intents.<\/li>\n<\/ul>\n<p>The combination of these two processes allows developers to track both intra-component and inter-component information flow within the specified Android applications.<\/p>\n<p><b>The DidFail analysis process<\/b><\/p>\n<p>The DidFail analysis process can be broken down into two stages.<\/p>\n<ul>\n<li>Data flows from each individual application are identified and the conditions which enable these data flows are determined.<\/li>\n<li>The results are then enumerated in order to pinpoint malicious code, coding errors and vulnerabilities within the applications.<\/li>\n<\/ul>\n<p>DidFail is available for download in either <a href=\"https:\/\/www.cs.cmu.edu\/~wklieber\/didfail\/\">source code or binary<\/a>. For more information about the analysis process, please see the <a href=\"https:\/\/www.sable.mcgill.ca\/soap\/\">SOAP 2014 workshop<\/a>, <a href=\"https:\/\/www.cs.cmu.edu\/~wklieber\/papers\/soap2014-didfail.pdf\">Android Taint Flow Analysis for App Sets<\/a>, and the <a href=\"https:\/\/resources.sei.cmu.edu\/library\/asset-view.cfm?assetID=91106\">Precise Static Analysis of Taint Flow for Android Application Sets<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Droid Intent Data Flow Analysis for Information Leakage (DidFail) is an analysis method that is designed to identify and expose potential data leaks within Android applications. This methodology eventually helps developers learn about secure coding practices, eventually helping them to produce robust mobile applications that are tougher to crack. More and more leading organizations worldwide [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"template":"","glossary-tags":[],"class_list":["post-53386","glossary","type-glossary","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Droid Intent Data Flow Analysis for Information Leakage (DidFail) - Checkmarx<\/title>\n<meta name=\"description\" content=\"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - The DidFail analysis process\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - The DidFail analysis process\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-28T09:55:08+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/\",\"url\":\"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/\",\"name\":\"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"datePublished\":\"2014-09-21T11:59:04+00:00\",\"dateModified\":\"2024-05-28T09:55:08+00:00\",\"description\":\"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - The DidFail analysis process\",\"breadcrumb\":{\"@id\":\"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Glossary\",\"item\":\"https:\/\/checkmarx.com\/glossary\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Droid Intent Data Flow Analysis for Information Leakage (DidFail)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - Checkmarx","description":"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - The DidFail analysis process","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/","og_locale":"en_US","og_type":"article","og_title":"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - Checkmarx","og_description":"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - The DidFail analysis process","og_url":"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2024-05-28T09:55:08+00:00","twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/","url":"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/","name":"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"datePublished":"2014-09-21T11:59:04+00:00","dateModified":"2024-05-28T09:55:08+00:00","description":"Droid Intent Data Flow Analysis for Information Leakage (DidFail) - The DidFail analysis process","breadcrumb":{"@id":"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/checkmarx.com\/glossary\/droid-intent-data-flow-analysis-for-information-leakage-didfail\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Glossary","item":"https:\/\/checkmarx.com\/glossary\/"},{"@type":"ListItem","position":2,"name":"Droid Intent Data Flow Analysis for Information Leakage (DidFail)"}]},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/53386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/11"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/53386\/revisions"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=53386"}],"wp:term":[{"taxonomy":"glossary-tags","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary-tags?post=53386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}