Epicc: Installation and usage

Please use IC3, our latest tool for ICC analysis. It is more accurate and it makes it easier to process analysis results. It is available at http://siis.cse.psu.edu/ic3/index.html.

Before you can use Epicc, you should make sure that you have a Java Runtime Environment installed. To install Epicc, download and extract the installation archive. It contains the Epicc Jar archive and another archive containing Android libraries.

Android applications need to be retargeted to Java bytecode before analysis. You can use Dare in order to do so.

Epicc can be launched using:

% java [JVM options] -jar <path to Epicc Jar> -apk <path to application .apk> \
-android-directory <path to retargeted application> \
-cp <path to Android Jar> [-icc-study <output directory>]

Epicc outputs the list of values it finds for Intents and Intent Filters. You may have to specify a larger heap size for medium to large applications. In order to do so, you need to replace [JVM options] with -Xmx4g (for a 4GB heap). The -icc-study option causes Epicc to output a file with a list of potential inter-component communication vulnerabilities as described in our paper (first studied using ComDroid by Chin et al.).