#import "../lib.typ": todo, AOSP == Perspectives for Future Work #todo[ Intro In this section, we will discuss avenues of work raised by this thesis ? The work presented in this thesis revealed avenues to improve ??. The following section will present those new avenues. ] The main issue that appeared in all our work is an engineering one. The error we analysed in @sec:rasta showed that even something that should be basic, reading the content of an application, can be challenging. @sec:cl also showed that reproducing the exact behaviour of Android is more difficult than it seems. As long as those issues are not solved, we cannot build robust analysis tools. One avenue we believe should be investigated would be to reuse the code actually used by Android. This is possible thanks to #AOSP being open-source, and is already partially done by some Android build tools. However, this is not an easy solution. Dynamic analysis relying on patched versions of the #AOSP showed that it is difficult to maintain over time software relying on the Android source. Doing this would require limiting the modifications to the actual source code of Android to lower the changes needed at each update of Android. Another obstacle to overcome is to decouple the compilation of the tool from the rest of #AOSP: it is a massive dependence that needs a lot of resources to build. Having such a dependency would be a barrier to entry, preventing others from modifying or improving the tool. #todo[ Ideas: - Standard Lib to interact with dalvik (dev by google?), with *STABLE* API and *ROBUST*: Today there is Apktool, Soot and Androguard Apktool don't have a documented API, and by default do a lot of things that might work or not Soot defaults are baaaadddd, maybe the new version? Androguard is not bad, but not write capabilities (yet, it's a wip, maybe one day?) Robust default, close to Android: the java zip parser is often targeted, there is something to be done here ] #todo[web-base? flutter? wasm?] // Futur work: mon unique pov pour le futur: what need to be done #todo[ jfl: des pistes pour custom class loader jm: oui mais deja données dans ch 4 et c'est quand meme assez spécifique est pas trop le point general de la these ]