
About TaintThings

TaintThings is a static analysis tool that detects potential tainted dataflows in SmartThings apps. The approach uses a TXL paradigm called cascaded markup. The algorithm starts by marking sink statements and then analyzes them recursively: it finds and marks the statements that directly influence a sink, then the statements that influence those, and so on until a fixed point is reached. The fixed point occurs either when a potential tainted source is identified or when no further propagation is possible. The process runs directly on the source code, which makes it fast.

We also improve the precision of the tool and avoid false positives by making the analysis sensitive to flow, paths and calling context. We propose using SSA form to make the analysis flow sensitive; this avoids the false positives that arise when a variable is reassigned and its distinct values are conflated. We provide a framework for path generation that makes the analysis path sensitive, so that branching in code execution is taken into account, and we explored ways of optimizing that process to make it more applicable. We also explored function cloning as a way to make the analysis context sensitive and avoid conflating different calls of the same method.
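The two ideas above, backward cascaded markup to a fixed point and SSA renaming to keep reassigned variables apart, as an added worked example. This is illustrative Python written for this page, not TaintThings' TXL code; the statement representation and the SmartThings-style snippet (a lock code copied into a message that is later sent) are constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Stmt:
    text: str                 # statement as written in the app
    defs: Optional[str]       # local variable written, if any
    uses: FrozenSet[str]      # local variables read
    kind: str = "plain"       # "source" (sensitive input), "sink" (data leaves the app) or "plain"

def to_ssa(stmts):
    """Rename every assignment uniquely (msg -> msg_1, msg_2, ...) and bind each use
    to the definition that reaches it, so a reassigned variable is not conflated."""
    version, out = {}, []
    for s in stmts:
        uses = frozenset(f"{v}_{version.get(v, 0)}" for v in s.uses)
        d = None
        if s.defs is not None:
            version[s.defs] = version.get(s.defs, 0) + 1
            d = f"{s.defs}_{version[s.defs]}"
        out.append(Stmt(s.text, d, uses, s.kind))
    return out

def cascaded_markup(stmts):
    """Mark the sinks, then keep marking every statement that defines a variable read by a
    marked statement until nothing changes. Returns (marked indices, source reached?)."""
    marked = {i for i, s in enumerate(stmts) if s.kind == "sink"}
    changed = True
    while changed:
        changed = False
        needed = set().union(*(stmts[i].uses for i in marked))
        for i, s in enumerate(stmts):
            if i not in marked and s.defs in needed:
                marked.add(i)
                changed = True
    return sorted(marked), any(stmts[i].kind == "source" for i in marked)

# Constructed snippet: the sensitive lock code is copied into msg, but msg is overwritten before it is sent.
OVERWRITTEN = [
    Stmt("def code = settings.lockCode", "code", frozenset(), "source"),
    Stmt("def msg = code", "msg", frozenset({"code"})),
    Stmt("msg = 'door locked'", "msg", frozenset()),
    Stmt("sendSms(phone, msg)", None, frozenset({"msg"}), "sink"),
]
LEAKING = [OVERWRITTEN[0], OVERWRITTEN[1], OVERWRITTEN[3]]  # overwrite removed: a real leak

if __name__ == "__main__":
    print(cascaded_markup(OVERWRITTEN))          # ([0, 1, 2, 3], True): false positive, msg conflated
    print(cascaded_markup(to_ssa(OVERWRITTEN)))  # ([2, 3], False): only the reaching definition is marked
    print(cascaded_markup(to_ssa(LEAKING)))      # ([0, 1, 2], True): genuine tainted flow
```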

© CRESSET Lab, Ryerson University.

Developed by Bara' Nazzal as part of an MSc thesis under the supervision of Prof. Manar Alalfi.