Abstract: With the rapid development of the HarmonyOS ecosystem, security issues related to HarmonyOS applications have gradually become a key research focus. In the Android domain, various mature static analysis frameworks have been widely applied to security detection tasks. However, static analysis frameworks for HarmonyOS applications are still in the early stages of development. The OpenHarmony community is currently working on static analysis based on the source code of HarmonyOS applications using ArkTS. However, in practical security detection tasks, obtaining application source code is often difficult, which limits the applicability of this approach. To address this challenge, this study proposes a static analysis framework for HarmonyOS applications based on the Ark intermediate representation (Panda IR). This framework provides basic information interfaces for Panda IR, designs a field-sensitive pointer analysis algorithm tailored to ArkTS syntax features, and implements extended analysis interfaces that interact with pointer analysis. Specifically, 318 instructions in Panda IR are semantically categorized and processed, and a customized pointer flow graph design is further developed. To support ArkTS syntax features, new propagation rules for pointer sets are introduced, and the semantics of special calls are accurately modeled. In addition, based on the pointer analysis results, inter-procedural data dependencies are optimized, and alias analysis capabilities are provided.

The experimental evaluation of HarmonyFlow covers three aspects: ArkTS syntax feature coverage, pointer analysis accuracy, and pointer analysis speed. Experimental results show that HarmonyFlow can correctly handle key ArkTS syntax features. The precision and recall rates for call-edge identification in 9 open-source HarmonyOS applications are 98.33% and 92.22%, respectively, with an average runtime of 96 s for 35 real-world HarmonyOS applications.