React Native is a widely-used open-source framework that facilitates the development of cross-platform mobile apps. The framework enables JavaScript code to interact with native-side code, such as Objective-C/Swift for iOS and Java/Kotlin for Android, via a communication mechanism provided by React Native. However, previous research and tools have overlooked this mechanism, resulting in incomplete analysis of React Native app code. To address this limitation, we have developed REUNIFY, a prototype tool that integrates the JavaScript and native-side code of React Native apps into an intermediate language that can be processed by the Soot static analysis framework. By doing so, REUNIFY enables the generation of a comprehensive model of the app's behavior. Our evaluation indicates that, by leveraging REUNIFY, the Soot-based framework can improve its coverage of static analysis for the 1,007 most popular React Native Android apps, augmenting the number of lines of Jimple code by 70%. Additionally, we observed an average increase of 84% in new nodes reached in the callgraph for these apps, after integrating REUNIFY. When REUNIFY is used for taint flow analysis, an average of two additional privacy leaks were identified. Overall, our results demonstrate that REUNIFY significantly enhances the Soot-based framework's capability to analyze React Native Android apps.
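React Native lets you build world-class native apps with a fully consistent development experience based on JavaScript and React.
React Native focuses on improving developer efficiency across platforms: learn once, write anywhere.
Facebook already uses React Native in several of its products and will continue to invest in React Native.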