[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.5555/2818754.2818768acmconferencesArticle/Chapter ViewAbstractPublication PagesicseConference Proceedingsconference-collections
research-article

Static control-flow analysis of user-driven callbacks in Android applications

Published: 16 May 2015 Publication History

Abstract

Android software presents many challenges for static program analysis. In this work we focus on the fundamental problem of static control-flow analysis. Traditional analyses cannot be directly applied to Android because the applications are framework-based and event-driven. We consider user-event-driven components and the related sequences of callbacks from the Android framework to the application code, both for lifecycle callbacks and for event handler callbacks.
We propose a program representation that captures such callback sequences. This representation is built using context-sensitive static analysis of callback methods. The analysis performs graph reachability by traversing context-compatible interprocedural control-flow paths and identifying statements that may trigger callbacks, as well as paths that avoid such statements. We also develop a client analysis that builds a static model of the application's GUI. Experimental evaluation shows that this context-sensitive approach leads to substantial precision improvements, while having practical cost.

References

[1]
Gartner, Inc., "Worldwide traditional PC, tablet, ultramobile and mobile phone shipments," Mar. 2014, www.gartner.com/newsroom/id/2692318.
[2]
M. Sharir and A. Pnueli, "Two approaches to interprocedural data flow analysis," in Program Flow Analysis: Theory and Applications, S. Muchnick and N. Jones, Eds. Prentice Hall, 1981, pp. 189--234.
[3]
T. Reps, S. Horwitz, and M. Sagiv, "Precise interprocedural dataflow analysis via graph reachability," in POPL, 1995, pp. 49--61.
[4]
A. P. Fuchs, A. Chaudhuri, and J. S. Foster, "SCanDroid: Automated security certification of Android applications," University of Maryland, College Park, Tech. Rep. CS-TR-4991, 2009.
[5]
E. Chin, A. P. Felt, K. Greenwood, and D. Wagner, "Analyzing inter-application communication in Android," in MobiSys, 2011, pp. 239--252.
[6]
M. Grace, Y. Zhou, Z. Wang, and X. Jiang, "Systematic detection of capability leaks in stock Android smartphones," in NDSS, 2012.
[7]
C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou, "Smart-Droid: An automatic system for revealing UI-based trigger conditions in Android applications," in SPSM, 2012, pp. 93--104.
[8]
D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. le Traon, "Effective inter-component communication mapping in Android with Epicc," in USENIX Security, 2013.
[9]
S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel, "FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps," in PLDI, 2014, pp. 259--269.
[10]
A. Pathak, A. Jindal, Y. C. Hu, and S. P. Midkiff, "What is keeping my phone awake?" in MobiSys, 2012, pp. 267--280.
[11]
"Stopping and restarting an activity," developer.android.com/training/basics/activity-lifecycle/stopping.html.
[12]
P. Dubroy, "Memory management for Android applications," in Google I/O Developers Conference, 2011.
[13]
L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang, "CHEX: Statically vetting Android apps for component hijacking vulnerabilities," in CCS, 2012, pp. 229--240.
[14]
J. Huang, X. Zhang, L. Tan, P. Wang, and B. Liang, "AsDroid: Detecting stealthy behaviors in Android applications by user interface and program behavior contradiction," in ICSE, 2014, pp. 1036--1046.
[15]
Y. Feng, S. Anand, I. Dillig, and A. Aiken, "Apposcopy: Semantics-based detection of Android malware through static analysis," in FSE, 2014, pp. 576--587.
[16]
S. Zhang, H. Lü, and M. D. Ernst, "Finding errors in multithreaded GUI applications," in ISSTA, 2012, pp. 243--253.
[17]
E. Payet and F. Spoto, "Static analysis of Android programs," IST, vol. 54, no. 11, pp. 1192--1201, 2012.
[18]
T. Takala, M. Katara, and J. Harty, "Experiences of system-level model-based GUI testing of an Android application," in ICST, 2011, pp. 377--386.
[19]
C. S. Jensen, M. R. Prasad, and A. Møller, "Automated testing with targeted event sequence generation," in ISSTA, 2013, pp. 67--77.
[20]
D. Yan, S. Yang, and A. Rountev, "Systematic testing for resource leaks in Android applications," in ISSRE, 2013, pp. 411--420.
[21]
S. Yang, D. Yan, and A. Rountev, "Testing for poor responsiveness in Android applications," in MOBS, 2013, pp. 1--6.
[22]
D. Amalfitano, A. R. Fasolino, P. Tramontana, S. De Carmine, and A. M. Memon, "Using GUI ripping for automated testing of Android applications," in ASE, 2012, pp. 258--261.
[23]
"Gator: Program Analysis Toolkit For Android," web.cse.ohio-state.edu/presto/software/gator.
[24]
"OpenManager: File manager for Android," github.com/nexes/Android-File-Manager.
[25]
D. Grove and C. Chambers, "A framework for call graph construction algorithms," TOPLAS, vol. 23, no. 6, pp. 685--746, 2001.
[26]
A. Milanova, A. Rountev, and B. G. Ryder, "Parameterized object sensitivity for points-to analysis for Java," TOSEM, vol. 14, no. 1, pp. 1--41, 2005.
[27]
Y. Smaragdakis, M. Bravenboer, and O. Lhoták, "Pick your contexts well: Understanding object-sensitivity," in POPL, 2011, pp. 17--30.
[28]
A. Rountev and D. Yan, "Static reference analysis for GUI objects in Android software," in CGO, 2014, pp. 143--153.
[29]
D. Yan, "Program analyses for understanding the behavior and performance of traditional and mobile object-oriented software," Ph.D. dissertation, Ohio State University, Jul. 2014.
[30]
A. Rountev, S. Kagan, and T. Marlowe, "Interprocedural dataflow analysis in the presence of large libraries," in CC, 2006, pp. 2--16.
[31]
"SCanDroid: Security Certifier for anDroid," spruce.cs.ucr.edu/SCanDroid/tutorial.html.
[32]
T. Azim and I. Neamtiu, "Targeted and depth-first exploration for systematic testing of Android apps," in OOPSLA, 2013, pp. 641--660.
[33]
"Intents and intent filters," developer.android.com/guide/components/intents-filters.html.
[34]
M. Sagiv, T. Reps, and S. Horwitz, "Precise interprocedural dataflow analysis with applications to constant propagation," TCS, vol. 167, no. 1--2, pp. 131--170, 1996.
[35]
A. M. Memon, "An event-flow model of GUI-based applications for testing," STVR, vol. 17, no. 3, pp. 137--157, 2007.
[36]
W. Yang, M. Prasad, and T. Xie, "A grey-box approach for automated GUI-model generation of mobile applications," in FASE, 2013, pp. 250--265.
[37]
P. Zhang and S. Elbaum, "Amplifying tests to validate exception handling code," in ICSE, 2012, pp. 595--605.
[38]
M. Prasad, "Personal communication," 2014.
[39]
P. Tramontana, "Android GUI Ripper," wpage.unina.it/ptramont/GUIRipperWiki.htm.
[40]
S. Liang, A. W. Keep, M. Might, S. Lyde, T. Gilray, P. Aldous, and D. Van Horn, "Sound and precise malware analysis for Android via pushdown reachability and entry-point saturation," in SPSM, 2013, pp. 21--32.
[41]
E. Payet and F. Spoto, "An operational semantics for Android activities," in PEPM, 2014, pp. 121--132.
[42]
A. M. Memon, I. Banerjee, and A. Nagarajan, "GUI ripping: Reverse engineering of graphical user interfaces for testing," in WCRE, 2003, pp. 260--269.
[43]
A. M. Memon and Q. Xie, "Studying the fault-detection effectiveness of GUI test cases for rapidly evolving software," TSE, vol. 31, no. 10, pp. 884--896, 2005.
[44]
F. Gross, G. Fraser, and A. Zeller, "Search-based system testing: High coverage, no false alarms," in ISSTA, 2012, pp. 67--77.
[45]
P. Wang, B. Liang, W. You, J. Li, and W. Shi, "Automatic Android GUI traversal with high coverage," in CSNT, 2014, pp. 1161--1166.

Cited By

View all
  • (2022)Detecting resource utilization bugs induced by variant lifecycles in AndroidProceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3533767.3534413(642-653)Online publication date: 18-Jul-2022
  • (2021)ProMalProceedings of the 43rd International Conference on Software Engineering: Companion Proceedings10.1109/ICSE-Companion52605.2021.00061(144-146)Online publication date: 25-May-2021
  • (2019)A microservice architecture for online mobile app optimizationProceedings of the 6th International Conference on Mobile Software Engineering and Systems10.5555/3340730.3340742(45-49)Online publication date: 25-May-2019
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
ICSE '15: Proceedings of the 37th International Conference on Software Engineering - Volume 1
May 2015
999 pages
ISBN:9781479919345

Sponsors

Publisher

IEEE Press

Publication History

Published: 16 May 2015

Check for updates

Qualifiers

  • Research-article

Conference

ICSE '15
Sponsor:

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)14
  • Downloads (Last 6 weeks)5
Reflects downloads up to 21 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2022)Detecting resource utilization bugs induced by variant lifecycles in AndroidProceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3533767.3534413(642-653)Online publication date: 18-Jul-2022
  • (2021)ProMalProceedings of the 43rd International Conference on Software Engineering: Companion Proceedings10.1109/ICSE-Companion52605.2021.00061(144-146)Online publication date: 25-May-2021
  • (2019)A microservice architecture for online mobile app optimizationProceedings of the 6th International Conference on Mobile Software Engineering and Systems10.5555/3340730.3340742(45-49)Online publication date: 25-May-2019
  • (2019)IconIntentProceedings of the 41st International Conference on Software Engineering10.1109/ICSE.2019.00041(257-268)Online publication date: 25-May-2019
  • (2019)Mobile-app analysis and instrumentation techniques reimagined with DECREEProceedings of the 41st International Conference on Software Engineering: Companion Proceedings10.1109/ICSE-Companion.2019.00086(218-221)Online publication date: 25-May-2019
  • (2019)Analyses for specific defects in android applicationsFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-018-7008-113:6(1210-1227)Online publication date: 1-Dec-2019
  • (2018)CrawlDroidProceedings of the 10th Asia-Pacific Symposium on Internetware10.1145/3275219.3275238(1-6)Online publication date: 16-Sep-2018
  • (2018)TDroid: exposing app switching attacks in Android with control flow specializationProceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering10.1145/3238147.3238188(236-247)Online publication date: 3-Sep-2018
  • (2018)Detection of energy inefficiencies in Android wear watch facesProceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3236024.3236073(691-702)Online publication date: 26-Oct-2018
  • (2018)P2AProceedings of the 5th International Conference on Mobile Software Engineering and Systems10.1145/3197231.3197249(224-235)Online publication date: 27-May-2018
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media