-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False Positives in ICC Links #53
Comments
Please give me the apk to check. |
Following are links of two apks https://drive.google.com/file/d/1Os3iEG8sc9paHaOxxqIZgoCzb-no6XeQ/view?usp=drive_web https://play.google.com/store/apps/details?id=com.ecajmer.combat&hl=en_IN In both of these, we are getting false positives. |
I see the problem, For NumberAvtivity, it accidentally assigned the PaymentGateway$2 as the onClickListener which invokes an ICC. I will debug and see why. |
Thanks for reply. |
Hi,
I am using Amandroid Jar i.e. argus*.jar for finding ICC Links of our own constructed apps.
For many cases, it gives false positives.
For. e.g. in attached apk, there are 2 ICC calls from NumberActivity. One is to OTP and other is to Knumber. But the result of Amandroid says that it has 4 targets (attached the result file). And similar for other activities also....The code of NumberAvtivity is attached which shows that it has only 2 Intent Calls.
Please confirm the reason of this. Does it calculates some indirect ICC calls.
I am running Amandroid as:-
java -jar /home/jyoti/argus.jar t -o . /home/jyoti/app-debug.apk
AppData-Electricity-Bill.txt
NumberActivity.txt
Please check how can we avoid these false links.
Thanks
The text was updated successfully, but these errors were encountered: