I'm trying to detect the leakage of private information by inspecting the smali code of Android applications. My strategy so far is.. searching the code that substitutes a personal information (e.g. IMEI, phone number) into a variable, then trace that variable until the point where it's sent to the internet or where it's not used anymore.
Are there any nice tools for doing this?
I've tried
- apkinspector (http://code.google.com/p/apkinspector/)
- androguard (http://code.google.com/p/androguard/)
- androwarn (https://github.com/maaaaz/androwarn)
, but none of these are likely to be able to do what I want.