Project group: Bare Android Native ANAlysis (BANANA)

Lecturer: Prof. Dr. Heike Wehrheim
Supervisor: Felix Pauck


  • 08.04.2019:
    Kickoff meeting at 09:00 am in O3.267
  • 29.01.2019:
    Slides of the introductory meeting have been uploaded: here
  • 04.01.2019:
    Do not miss the introductory meeting:
    Monday, 28th January 2019 - 04:15 pm (room t.b.a.)


The most widely used mobile operating system, Android, operates on Smartphones, tablets, on-board computers in cars and various other smart devices. Any of these devices deal with or generate sensitive information such as contact data or locations of individuals. Thus, it has become more and more important to ensure that no sensitive data is leaked.

An instrument to do that is software analysis. For instance, taint analyses try to find such data leaks to assist app developers in avoiding attack surfaces for data thefts. Developing such an analysis can be challenging. Many research projects in progress focus on overcoming different challenges to increase the precision or scalability of analyses. One neglected challenge considers native library calls through the Java Native Interface (JNI).

The goal of this project group is to increase the precision of existing taint analysis tools targeting Android applications that use native libraries through the JNI. To do so, first, you will familiarize yourselves with existing state-of-the-art approaches targeting this or similar challenges. Second, you will design a concept to tackle the problem. Third, you will compose, develop and evaluate a prototype of your concept.


  • (required) Ability to read and understand Java/Android programs
  • (required) Knowledge about software design and efficient programming
  • (nice-to-have) Interest in reverse engineering and software analysis
  • (nice-to-have) Experience with software analysis frameworks and tools such as Soot and FlowDroid
  • (nice-to-have) Knowledge about the JNI

Course information

Recent Information

Kickoff meeting at 09:00 am in O3.267