AppAudit is an efficient program analysis tool that detects data leaks in mobile applications. It can accurately find all leaks within seconds and ~200 MB memory. We have an Android port that shows AppAudit is efficient enoguh to run as an Android app on off-the-shelf smartphones.

• If you are interested in the tool itself and is looking for the building blocks of AppAudit, please visit PATDroid. We have open-sourced common Android program analysis code there.
• If you want to use AppAudit to scan apps, visit http://appaudit.io
• If you are looking for the paper or the bibtex. Please click here

@inproceedings{appaudit,
 author = {Mingyuan Xia and Lu Gong and Yuanhao Lyu and Zhengwei Qi and Xue Liu},
 title = {Effective Real-time Android Application Auditing},
 booktitle = {Proceedings of the 2015 IEEE Symposium on Security and Privacy},
 series = {SP '15},
 year = {2015},
 publisher = {IEEE Computer Society},
}

• If you are looking for SDK, check out this python snippet

import requests, pprint, time, sys

if len(sys.argv) < 2:
	print 'Usage: python appauditio.py APK_FILE'
	sys.exit(1)

api_server='http://api.appaudit.io:5902/api/'
# stage 1: upload the file to the server
files={'file':open(sys.argv[1], 'rb')}
r = requests.post(api_server + 'upload/', files=files)
if r.status_code != 200:
	print('upload failed, try again')
	sys.exit(1)
# 'upload' endpoint returns the partial sha1 of the file
# stage 2: check the scan results
psha1 = r.content
while True:
	report=requests.get(api_server + 'report/find/'+psha1).json()
	if 'scanned' in report['status_msg']: break
	time.sleep(1)

You can find this script in the repo as well. Note that currently we set no rate limit for upload requests. However our server has a limited bandwidth, please email me if you want to scan large datasets.

• If you are interested in the current and future development, send me an Email :=)