Static Program Analysis for Reliable Trusted Apps

SPARTA is a research project funded by the DARPA Automated Program Analysis for Cybersecurity (APAC) program. SPARTA aims to detect certain types of malware in Android applications, or to verify that the app contains no such malware. SPARTA’s verification approach is type-checking: the developer states a security property, annotates the source code with type qualifiers that express that security property, then runs a pluggable type-checker to verify that the type qualifiers are right (and thus that the program satisfies the security property).

In addition to type-checking, SPARTA also provides tools to aide in manual identification of malware in source code. These tools include a tool to show what permissions are needed for each API call used and a tool to report the use of suspicious APIs.

Mailing lists

We welcome questions, suggestions, pull requests, reports about case studies, and other contributions.

Bug reports

To submit a bug report, use the mailing list or, preferably, the issue tracker:

Last updated: April 15, 2016