View on GitHub


Native Over-Approximation Handler

Download this project as a .zip file Download this project as a tar.gz file

java 17



The Native Over-Approximation Handler (NOAH) is a very simple Android app taint analysis tool that considers native method calls. It is simple, because (I) it does not analyze any flows, (II) it only assumes connections once a native call is encountered. Thus any taint-source is connected to any taint-sink in native code and vice versa.


The goal of the following query, for example, is to find any flows that start or end in the native library part of app A.

	Flows IN App(’A.apk’ | 'UNCOVER') ?,
	Flows IN App(’A.apk’ | 'UNCOVER') FEATURING 'NATIVE' ?

The preprocessor keyword ‘UNCOVER’ tells the associated AQL-System to execute NOAH as preprocessor for app A. The first question for flows in answered by an arbitrary analysis tool configured in the associated AQL-System. The second one by NOAH, assuming that it has the highest priority for flow-questions which have the 'NATIVE' feature assigned. A complete and fully described example can be found in the referenced paper (see Publications).

Launch Parameters

The first launch parameter must always the be app to analyze/preprocess. Furthermore two additional launch parameters can be specified:

Parameter Meaning
-sas %FILE%, -sourcesandsinks %FILE% Provide a different source and sink file (%FILE%).
-debug "X", -d "X" The output generated during the execution of this tool can be set to different levels. X may be set to: error, warning, normal, debug, detailed (ascending precision from left to right). Additionally it can be set to short, the output will then be equal to normal but shorter at some points. By default it is set to normal.



NOAH is licensed under the GNU General Public License v3 (see LICENSE).


Felix Pauck (FoelliX)
Paderborn University