nach oben

Automated Software Engineering

Erschienen in:

16.06.2018

Static window transition graphs for Android

verfasst von: Shengqian Yang, Haowei Wu, Hailong Zhang, Yan Wang, Chandrasekar Swaminathan, Dacong Yan, Atanas Rountev

Erschienen in: Automated Software Engineering | Ausgabe 4/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

This work develops a static analysis to create a model of the behavior of an Android application’s GUI. We propose the window transition graph (WTG), a model representing the possible GUI window sequences and their associated events and callbacks. A key component and contribution of our work is the careful modeling of the stack of currently-active windows, the changes to this stack, and the effects of callbacks related to these changes. To the best of our knowledge, this is the first detailed study of this important static analysis problem for Android. We develop novel analysis algorithms for WTG construction and traversal, based on this modeling of the window stack. We also propose WTG extensions to handle certain aspects of asynchronous control flow. We describe an application of the WTG for GUI test generation, using path traversals. The evaluation of the proposed algorithms indicates their effectiveness and practicality.

Vorheriger Artikel Synthesis of probabilistic models for quality-of-service software engineering

Nächster Artikel Developing and evolving a DSL-based approach for runtime monitoring of systems of systems

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

There is a related callback onPrepareOptionsMenu; for simplicity, it is not discussed here, but our implementation handles it.

The discussion assumes Android version 8.0; some earlier versions have slight variations in certain sequences of callbacks.

Since the lifetime of a menu/dialog is contained within the lifetime of its owner, closing an owner implies that all owned windows have been closed.

In general, w could have multiple owners, e.g., due to subclassing of activities; the necessary algorithmic generalizations are straightforward.

An alternative would be to traverse all acyclic paths, without a length limit.

There is also a separate mechanism which uses a Handler to send messages to the targeted thread, but its analysis is beyond the scope of this work.

Amalfitano, D., Fasolino, A.R., Tramontana, P., De Carmine, S., Memon, A.M.: Using GUI ripping for automated testing of Android applications. In: International Conference on Automated Software Engineering, pp. 258–261 (2012)

Anand, S., Naik, M., Harrold, M.J., Yang, H.: Automated concolic testing of smartphone apps. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 59:1–59:11 (2012)

APV: APV PDF viewer. http://code.google.com/p/apv. Accessed 2015 (2015)

Arlt, S., Podelski, A., Bertolini, C., Schäf, M., Banerjee, I., Memon, A.M.: Lightweight static analysis for GUI testing. In: IEEE International Symposium on Software Reliability Engineering, pp. 301–310 (2012)

Arzt, S., Rasthofer, S., Fritz, C., Bodden, E., Bartel, A., Klein, J., Le Traon, Y., Octeau, D., McDaniel, P.: FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 259–269 (2014)

Azim, T., Neamtiu, I.: Targeted and depth-first exploration for systematic testing of Android apps. In: ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 641–660 (2013)

Baek, Y.M., Bae, D.H.: Automated model-based android gui testing using multi-level gui comparison criteria. In: International Conference on Automated Software Engineering, pp. 238–249 (2016)

Banerjee, A., Chong, L.K., Chattopadhyay, S., Roychoudhury, A.: Detecting energy bugs and hotspots in mobile apps. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 588–598 (2014)

Cai, H., Ryder, B.G.: Understanding android application programming and security: a dynamic study. In: IEEE International Conference on Software Maintenance and Evolution, pp. 364–375 (2017)

Chin, E., Felt, A.P., Greenwood, K., Wagner, D.: Analyzing inter-application communication in Android. In: International Conference on Mobile Systems, Applications, and Services, pp. 239–252 (2011)

Choudhary, S.R., Gorla, A., Orso, A.: Automated test input generation for Android: Are we there yet? In: International Conference on Automated Software Engineering, pp. 429–440 (2015)

Dubroy, P.: Memory management for Android applications. In: Google I/O Developers Conference (2011)

Feng, Y., Anand, S., Dillig, I., Aiken, A.: Apposcopy: Semantics-based detection of Android malware through static analysis. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 576–587 (2014)

Fuchs, A.P., Chaudhuri, A., Foster, J.S.: SCanDroid: Automated security certification of Android applications. Technical Report CS-TR-4991, University of Maryland, College Park (2009)

GATOR: Gator: Program analysis toolkit for Android. web.cse.ohio-state.edu/presto/software/gator (2017). Accessed Nov 2017

Google Inc.: Android dialogs. developer.android.com/guide/topics/ui/dialogs.html (2017a). Accessed June 2018

Google Inc.: Intents and intent filters. developer.android.com/guide/components/intents-filters.html (2017b). Accessed June 2018

Google Inc.: Stopping and restarting an activity. developer.android.com/training/basics/activity-lifecycle/st opping.html (2017c). Accessed June 2018

Google Inc.: Tasks and back stack. developer.android.com/guide/components/tasks-and-back-stack.html (2017d). Accessed June 2018

Grace, M., Zhou, Y., Wang, Z., Jiang, X.: Systematic detection of capability leaks in stock Android smartphones. In: Network and Distributed System Security Symposium (2012)

Gross, F., Fraser, G., Zeller, A.: Search-based system testing: high coverage, no false alarms. In: ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 67–77 (2012)

Guo, C., Zhang, J., Yan, J., Zhang, Z., Zhang, Y.: Characterizing and detecting resource leaks in Android applications. In: International Conference on Automated Software Engineering, pp. 389–398 (2013)

Hao, S., Liu, B., Nath, S., Halfond, W.G., Govindan, R.: PUMA: Programmable UI-automation for large-scale dynamic analysis of mobile apps. In: International Conference on Mobile Systems, Applications, and Services, pp. 204–217 (2014)

Huang, J., Zhang, X., Tan, L., Wang, P., Liang, B.: AsDroid: Detecting stealthy behaviors in Android applications by user interface and program behavior contradiction. In: International Conference on Software Engineering, pp. 1036–1046 (2014)

Jamrozik, K., von Styp-Rekowsky, P., Zeller, A.: BOXMATE (2017). boxmate.org

Jensen, C.S., Prasad, M.R., Møller, A.: Automated testing with targeted event sequence generation. In: ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 67–77 (2013)

Lee, Y.K., Safi, G., Shahbazian, A., Zhao, Y., Medvidovic, N., et al.: A sealant for inter-app security holes in Android. In: International Conference on Software Engineering, pp. 312–323 (2017)

Li, D., Hao, S., Halfond, W.G.J., Govindan, R.: Calculating source line level energy information for Android applications. In: ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 78–89 (2013)

Li, L., Bartel, A., Bissyandé, T.F., Klein, J., Le Traon, Y., Arzt, S., Rasthofer, S., Bodden, E., Octeau, D., McDaniel, P.: Iccta: Detecting inter-component privacy leaks in android apps. In: International Conference on Software Engineering, pp. 280–291 (2015)

Li, L., Bissyandé, T.F., Papadakis, M., Rasthofer, S., Bartel, A., Octeau, D., Klein, J., Le Traon, Y.: Static analysis of android apps: A systematic literature review. In: Information and Software Technology (2017)

Liang, S., Keep, A.W., Might, M., Lyde, S., Gilray, T., Aldous, P., Van Horn, D.: Sound and precise malware analysis for Android via pushdown reachability and entry-point saturation. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 21–32 (2013)

Lin, Y., Radoi, C., Dig, D.: Retrofitting concurrency for Android applications through refactoring. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 341–352 (2014)

Liu, Y., Xu, C., Cheung, S.C., Lu, J.: GreenDroid: automated diagnosis of energy inefficiency for smartphone applications. IEEE Trans. Softw. Eng. 40, 911–940 (2014)CrossRef

Lu, K., Li, Z., Kemerlis, V.P., Wu, Z., Lu, L., Zheng, C., Qian, Z., Lee, W., Jiang, G.: Checking more and alerting less: detecting privacy leakages via enhanced data-flow analysis and peer voting. In: Network and Distributed System Security Symposium (2015)

Lu, L., Li, Z., Wu, Z., Lee, W., Jiang, G.: CHEX: Statically vetting Android apps for component hijacking vulnerabilities. In: ACM Conference on Computer and Communications Security, pp. 229–240 (2012)

Machiry, A., Tahiliani, R., Naik, M.: Dynodroid: An input generation system for Android apps. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 224–234 (2013)

Mahmood, R., Mirzaei, N., Malek, S.: EvoDroid: Segmented evolutionary testing of Android apps. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 599–609 (2014)

Memon, A.M.: An event-flow model of GUI-based applications for testing. Softw. Test. Verif. Reliab. 17(3), 137–157 (2007)CrossRef

Memon, A.M., Xie, Q.: Studying the fault-detection effectiveness of GUI test cases for rapidly evolving software. IEEE Trans. Softw. Eng. 31(10), 884–896 (2005)CrossRef

Memon, A.M., Soffa, M.L., Pollack, M.E.: Coverage criteria for GUI testing. In: ACM SIGSOFT International Symposium on the Foundations of Software Engineering, pp. 256–267 (2001)CrossRef

Memon, A.M., Banerjee, I., Nagarajan, A: GUI ripping: Reverse engineering of graphical user interfaces for testing. In: Working Conference on Reverse Engineering, pp. 260–269 (2003)

Min, C., Lee, Y., Yoo, C., Kang, S., Choi, S., Park, P., Hwang, I., Ju, Y., Choi, S., Song, J.: PowerForecaster: Predicting smartphone power impact of continuous sensing applications at pre-installation time. In: ACM Conference on Embedded Networked Sensor Systems, pp. 31–44 (2015)

Octeau, D., McDaniel, P., Jha, S., Bartel, A., Bodden, E., Klein, J., le Traon, Y.: Effective inter-component communication mapping in Android with Epicc. In: USENIX Security Symposium (2013)

Octeau, D., Luchaup, D., Dering, M., Jha, S., McDaniel, P.: Composite constant propagation: Application to Android inter-component communication analysis. In: International Conference on Software Engineering, pp. 77–88 (2015)

Oliner, A.J., Iyer, A.P., Stoica, I., Lagerspetz, E., Tarkoma, S.: Carat: Collaborative energy diagnosis for mobile devices. In: ACM Conference on Embedded Networked Sensor Systems, pp 10:1–10:14 (2013)

Pathak, A., Jindal, A., Hu, Y.C., Midkiff, S.P.: What is keeping my phone awake? In: International Conference on Mobile Systems, Applications, and Services, pp. 267–280 (2012)

Payet, E., Spoto, F.: Static analysis of Android programs. Inf. Softw. Technol. 54(11), 1192–1201 (2012)CrossRef

Payet, E., Spoto, F.: An operational semantics for Android activities. In: ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation, pp. 121–132 (2014)

Robotium: Robotium testing framework for Android (2016). code.google.com/p/robotium

Rountev, A., Yan, D.: Static reference analysis for GUI objects in Android software. In: International Symposium on Code Generation and Optimization, pp. 143–153 (2014)

SCanDroid: SCanDroid: Security Certifier for anDroid (2015). spruce.cs.ucr.edu/SCanDroid/tutorial.html. Accessed 2015

Sharir, M., Pnueli, A.: Two approaches to interprocedural data flow analysis. In: Muchnick, S., Jones, N. (eds.) Program Flow Analysis: Theory and Applications, pp. 189–234. Prentice Hall, New York (1981)

Song, W., Qian, X., Huang, J.: Ehbdroid: beyond GUI testing for android applications. In: International Conference on Automated Software Engineering, pp. 27–37 (2017)

Soot: Soot Analysis Framework. http://www.sable.mcgill.ca/soot (2018). Accessed Nov 2017

Takala, T., Katara, M., Harty, J.: Experiences of system-level model-based GUI testing of an Android application. In: IEEE International Conference on Software Testing, Verification, and Validation, pp. 377–386 (2011)

Tramontana, P.: Android GUI Ripper(2013). wpage.unina.it/ptramont/GUIRipperWiki.htm

Tsutano, Y., Bachala, S., Srisa-an, W., Rothermel, G., Dinh, J.: An efficient, robust, and scalable approach for analyzing interacting android apps. In: International Conference on Software Engineering, pp. 324–334 (2017)

Wang, P., Liang, B., You, W., Li, J., Shi, W.: Automatic Android GUI traversal with high coverage. In: Communication Systems and Network Technologies, pp. 1161–1166 (2014)

Wang, Y., Rountev, A.: Profiling the responsiveness of Android applications via automated resource amplification. In: IEEE/ACM International Conference on Mobile Software Engineering and Systems, pp. 48–58 (2016)

Wang, Y., Zhang, H., Rountev, A.: On the unsoundness of static analysis for Android GUIs. In: ACM SIGPLAN International Workshop on the State Of the Art in Program Analysis, pp. 18–23 (2016)

Wei, F., Roy, S., Ou, X., et al.: Amandroid: A precise and general inter-component data flow analysis framework for security vetting of android apps. In: ACM Conference on Computer and Communications Security, pp. 1329–1341 (2014)

White, L., Almezen, H.: Generating test cases for GUI responsibilities using complete interaction sequences. In: IEEE International Symposium on Software Reliability Engineering, pp. 110–121 (2000)

Wontae, C., George, N., Koushik, S.: Guided GUI testing of Android apps with minimal restart and approximate learning. In: ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, pp. 623–640 (2013)

Wu, H., Yang, S., Rountev, A.: Static detection of energy defect patterns in Android applications. In: International Conference on Compiler Construction, pp. 185–195 (2016)

Wu, H., Wang, Y., Rountev, A.: Sentinel: generating GUI tests for Android sensor leaks. In: IEEE/ACM International Workshop on Automation of Software Test (2018)

Xie, Q., Memon, A.M.: Using a pilot study to derive a GUI model for automated testing. ACM Trans. Softw. Eng. Methodol. 18(2), 7:1–7:35 (2008)CrossRef

Xiong, B., Xiang, G., Du, T., He, J.S., Ji, S.: Static taint analysis method for intent injection vulnerability in android applications. In: International Symposium on Cyberspace Safety and Security, pp 16–31 (2017)CrossRef

Yan, D.: Program analyses for understanding the behavior and performance of traditional and mobile object-oriented software. Ph.D. thesis, Ohio State University (2014)

Yan, D., Yang, S., Rountev, A.: Systematic testing for resource leaks in Android applications. In: IEEE International Symposium on Software Reliability Engineering, pp. 411–420 (2013)

Yang, S.: Static analyses of GUI behavior in Android applications. Ph.D. thesis, Ohio State University (2015)

Yang, S., Yan, D., Rountev, A.: Testing for poor responsiveness in Android applications. In: Workshop on Engineering Mobile-Enabled Systems, pp. 1–6 (2013a)

Yang, S., Yan, D., Wu, H., Wang, Y., Rountev, A.: Static control-flow analysis of user-driven callbacks in Android applications. In: International Conference on Software Engineering, pp. 89–99 (2015a)

Yang, S., Zhang, H., Wu, H., Wang, Y., Yan, D., Rountev, A.: Static window transition graphs for Android. In: IEEE/ACM International Conference on Automated Software Engineering, pp. 658–668 (2015b)

Yang, W., Prasad, M., Xie, T.: A grey-box approach for automated GUI-model generation of mobile applications. In: International Conference on Fundamental Approaches to Software Engineering, pp. 250–265 (2013b)CrossRef

Yuan, X., Memon, A.M.: Generating event sequence-based test cases using GUI run-time state feedback. IEEE Trans. Softw. Eng. 36(1), 81–95 (2010)CrossRef

Yuan, X., Cohen, M.B., Memon, A.M.: GUI interaction testing: incorporating event context. IEEE Trans. Softw. Eng. 37(4), 559–574 (2011)CrossRef

Zhang, H., Wu, H., Rountev, A.: Automated test generation for detection of leaks in Android applications. In: IEEE/ACM International Workshop on Automation of Software Test, pp. 64–70 (2016)

Zhang, P., Elbaum, S.: Amplifying tests to validate exception handling code. In: International Conference on Software Engineering, pp. 595–605 (2012)

Zhang, S., Lü, H., Ernst, M.D.: Finding errors in multithreaded GUI applications. In: ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 243–253 (2012)

Zheng, C., Zhu, S., Dai, S., Gu, G., Gong, X., Han, X., Zou, W.: SmartDroid: An automatic system for revealing UI-based trigger conditions in Android applications. In: ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, pp. 93–104 (2012)

Titel: Static window transition graphs for Android
verfasst von: Shengqian Yang
Haowei Wu
Hailong Zhang
Yan Wang
Chandrasekar Swaminathan
Dacong Yan
Atanas Rountev
Publikationsdatum: 16.06.2018
Verlag: Springer US
Erschienen in: Automated Software Engineering / Ausgabe 4/2018
Print ISSN: 0928-8910
Elektronische ISSN: 1573-7535
DOI: https://doi.org/10.1007/s10515-018-0237-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2018

How verified (or tested) is my code? Falsification-driven verification and testing

Synthesis of probabilistic models for quality-of-service software engineering

Inferring visual contracts from Java programs

Guest editorial: advanced topics in automated software engineering

FastTagRec: fast tag recommendation for software information sites

Developing and evolving a DSL-based approach for runtime monitoring of systems of systems