Aleksandr Pilgun,Olga Gadyatskaya,Stanislav Dashevskyi,Yury Zhauniarovich,Artsiom Kushniarou

DOI: https://doi.org/10.48550/arXiv.1812.10729

2018-12-27

Abstract:Today, there are millions of third-party Android applications. Some of these applications are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic analysis are being developed by the Android community, including Google. Code coverage is one of the most common metrics for evaluating effectiveness of these frameworks. Furthermore, code coverage is used as a fitness function for guiding evolutionary and fuzzy testing techniques. However, there are no reliable tools for measuring fine-grained code coverage in black-box Android app testing. We present the Android Code coVerage Tool, ACVTool for short, that instruments Android apps and measures the code coverage in the black-box setting at the class, method and instruction granularities. ACVTool has successfully instrumented 96.9% of apps in our experiments. It introduces a negligible instrumentation time overhead, and its runtime overhead is acceptable for automated testing tools. We show in a large-scale experiment with Sapienz, a state-of-art testing tool, that the fine-grained instruction-level code coverage provided by ACVTool helps to uncover a larger amount of faults than coarser-grained code coverage metrics.

Cryptography and Security,Software Engineering

Hao Zhou,Shuohan Wu,Xiapu Luo,Ting Wang,Yajin Zhou,Chao Zhang,Haipeng Cai

DOI: https://doi.org/10.1145/3533767.3534410

2022-01-01

Abstract:More and more Android apps implement their functionalities in native code, so does malware. Although various approaches have been designed to analyze the native code used by apps, they usually generate incomplete and biased results due to their limitations in obtaining and analyzing high-fidelity execution traces and memory data with low overheads. To fill the gap, in this paper, we propose and develop a novel hardware-assisted analyzer for native code in apps. We leverage ETM, a hardware feature of ARM platform, and eBPF, a kernel component of Android system, to collect real execution traces and relevant memory data of target apps, and design new methods to scrutinize native code according to the collected data. To show the unique capability of NCScope, we apply it to four applications that cannot be accomplished by existing tools, including systematic studies on self-protection and anti-analysis mechanisms implemented in native code of apps, analysis of memory corruption in native code, and identification of performance differences between functions in native code. The results uncover that only 26.8% of the analyzed financial apps implement self-protection methods in native code, implying that the security of financial apps is far from expected. Meanwhile, 78.3% of the malicious apps under analysis have anti-analysis behaviors, suggesting that NCScope is very useful to malware analysis. Moreover, NCScope can effectively detect bugs in native code and identify performance differences.

Huajie Chen,Tian Zhang,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1109/ssiri-c.2011.20

2011-01-01

Abstract:Dynamic analysis has been widely used in program analysis. Instrumentation is a general technology used to trace dynamic behavior of software. This paper presents a java source code instrumentation tool, which supports making instrumentation manually and automatically according to rules based on AST analysis. On one hand, users can instrument source code manually. It supports to manage those instrumentation points. On the other hand, code snippets can be instrumented automatically in compliance with criteria defined by users. This tool defines some inside criteria and makes instrumentation automatically for them. What's more, these inside criteria can be expanded. By instrumentation, a dynamic execution report about the java source code can be obtained.

Haiyang Sun,Yudi Zheng,Lubomír Bulej,Alex Villazón,Zhengwei Qi,Petr Tůma,Walter Binder

DOI: https://doi.org/10.1145/2724525.2724566

2015-01-01

Abstract:The multi-process architecture of Android applications combined with the lack of suitable APIs make dynamic program analysis (DPA) on Android challenging and unduly difficult. Existing analysis tools and frameworks are tailored mainly to the needs of security-related analyses and are not flexible enough to support the development of generic DPA tools. In this paper we present a framework that, besides providing the fundamental support for the development of DPA tools for Android, enables development of cross-platform analyses that can be applied to applications targeting the Android and Java platforms. The framework provides a convenient high-level programming model, flexible instrumentation support, and strong isolation of the base program from the analysis. To boost developer productivity, the framework retains Java as the main development language, while seamless integration with the platform overcomes the recurring obstacles hindering development of DPA tools for Android. We evaluate the framework on two diverse case studies, demonstrating key concepts, the flexibility of the framework, and analysis portability.

Wing Lam,Zhengkai Wu,Dengfeng Li,Wenyu Wang,Haibing Zheng,Hui Luo,Peng Yan,Yuetang Deng,Tao Xie

DOI: https://doi.org/10.1145/3106237.3117769

2017-01-01

Abstract:Mobile applications, or apps for short, are gaining popularity. The input sources (e.g., touchscreen, sensors, transmitters) of the smart devices that host these apps enable the apps to offer a rich experience to the users, but these input sources pose testing complications to the developers (e.g., writing tests to accurately utilize multiple input sources together and be able to replay such tests at a later time). To alleviate these complications, researchers and practitioners in recent years have developed a variety of record-and-replay tools to support the testing expressiveness of smart devices. These tools allow developers to easily record and automate the replay of complicated usage scenarios of their app. Due to Android's large share of the smart-device market, numerous record-and-replay tools have been developed using a variety of techniques to test Android apps. To better understand the strengths and weaknesses of these tools, we present a comparison of popular record-and-replay tools from researchers and practitioners, by applying these tools to test three popular industrial apps downloaded from the Google Play store. Our comparison is based on three main metrics: (1) ability to reproduce common usage scenarios, (2) space overhead of traces created by the tools, and (3) robustness of traces created by the tools (when being replayed on devices with different resolutions). The results from our comparison show which record-and-replay tools may be the best for developers and identify future directions for improving these tools to better address testing complications of smart devices.

Kevin Moran,Mario Linares-Vasquez,Carlos Bernal-Cardenas,Christopher Vendome,Denys Poshyvanyk

DOI: https://doi.org/10.48550/arXiv.1801.06428

2018-01-18

Software Engineering

Abstract:Unique challenges arise when testing mobile applications due to their prevailing event-driven nature and complex contextual features (e.g. sensors, notifications). Current automated input generation approaches for Android apps are typically not practical for developers to use due to required instrumentation or platform dependence and generally do not effectively exercise contextual features. To better support developers in mobile testing tasks, in this demo we present a novel, automated tool called CrashScope. This tool explores a given Android app using systematic input generation, according to several strategies informed by static and dynamic analyses, with the intrinsic goal of triggering crashes. When a crash is detected, CrashScope generates an augmented crash report containing screenshots, detailed crash reproduction steps, the captured exception stack trace, and a fully replayable script that automatically reproduces the crash on a target device(s). Results of preliminary studies show that CrashScope is able to uncover about as many crashes as other state of the art tools, while providing detailed useful crash reports and test scripts to developers. Website: www.crashscope-android.com/crashscope-home Video url: https://youtu.be/ii6S1JF6xDw

Juanru Li,Yuanyuan Zhang,Wenbo Yang,Junliang Shu,Dawu Gu

DOI: https://doi.org/10.1109/cit.2014.82

2014-01-01

Abstract:Online program analysis aims to analyze a program as it executes. Traditional online program analysis is generally interactive and not automated. An automated online program analysis requires fine-grained yet flexible analyzing infrastructure to support. Android system, although providing many high-level debugging interfaces, lacks such functionality and is not convenient for developing automated analysis tools.In this paper we present DIAS, a flexible and extensible framework for automated online analysis of Android applications. DIAS contains an introspection monitor and many analysis modules. Based on the introspection monitor and the analysis modules, DIAS provides a set of analysis interfaces to help access various types of runtime information and performs automated online analysis. Automated program analysis is then accomplished using these interfaces.DIAS can monitor applications' execution and understand their behavior, which is useful for profiling, debugging and security analysis. Moreover, DIAS's analysis interface eases the task of developing new online analysis functions.

Chun Cao,Chenglin Meng,Hongjun Ge,Ping Yu,Xiaoxing Ma

DOI: https://doi.org/10.1109/compsac.2017.268

2017-01-01

Abstract:The applications ("apps") running on Android need to be adequately tested to avoid faults. Researchers have developed a number of test input generation tools for automated app testing and tried to improve test coverage to detect as many faults as possible. However, existing testing tools achieve very low coverage for some specific apps because they highly depend on external factors to run properly such as business logic, content providers and so on. In this paper, we present Xdroid to catch when and what kind of dependencies apps require and inject them correspondingly in a lightweight way. Working with a built-in tool Xmonkey which generates GUI events directly on Android devices, Xdroid implements an effective testing engine to get a high coverage. We evaluate Xdroid with diverse Android apps and demonstrate that it outperforms Monkey for 17%, Sapienz for 22% in coverage and meanwhile reveals more bugs than manual testing. Overall, it combines the benefits of both manual testing and random testing to improve test coverage and detect bugs effectively.

Shuaifu Dai,Tao Wei,Wei Zou

2012-01-01

Abstract:As the mobile devices increased rapidly in recent years, mobile malware is becoming a severe threat to users. Traditional malware detection uses signature-based methods, but these methods can be evaded by obfuscation or polymorphism. So the behavior-based detection techniques were proposed recently. To capture the apps' behavior, previous works either use OS level tool such as strace to capture system call, or intercept high level API by modifying the virtual machine. However, the information retrieved from the former method is too difficult to understand the program's behavior, and the technique used in latter method requires to modify the emulator, which it is not compatible when the Android version upgrade. In this paper, we proposed a new light-weight method to understand the applications' behavior by logging program's API and corresponding arguments. We build the logging system DroidLogger, which instruments the logging code into the application binary, and prints out the API usage information at run time. We analyzed several malware and show DroidLogger can reveal the malicious behavior effectively.

Xiao Fu,Hao Ruan,Xuanyu Liu,Xiaojiang Du,B. Luo

DOI: https://doi.org/10.1109/ICCCN.2017.8038362

2017-07-01

Abstract:The wide spread of mobile devices has also caused the explosive growth of malwares. Application behavior analysis is a popular technique to fight against malwares. However current app behavior analysis methods still have some limitations. For example, many popular dynamic analysis methods are built on Dalvik virtual machines. They cannot disclose the behavior of native code. VMI based methods can overcome this limitation but they're executed in simulated environments. Now malwares can detect where they are running so as to hide the illegal behaviors by anti-forensic techniques. Considering these, we present the DroidRevealer. It is based on kernel-level system calls monitoring and it's running on real android devices. By intercepting and interpreting certain file/network related and android-specific system calls, it can reconstruct app behaviors in real-time. It's difficult to evade as it runs in the kernel. And its results do not simply focus on a single kind of behavior or a single app. Instead it is data oriented, i.e. it monitors how the target data source is used. The result is presented as an intelligible graph which can provide both a good basis for detection and crucial evidence for forensics. Experiments have proved that the performance of our method is acceptable.

Computer Science

Marc Miltenberger,Steven Arzt

DOI: https://doi.org/10.1145/3649591

IF: 3.685

2024-02-27

ACM Transactions on Software Engineering and Methodology

Abstract:Millions of users nowadays rely on their smartphones to process sensitive data through apps from various vendors and sources. Therefore, it is vital to assess these apps for security vulnerabilities and privacy violations. Information such as to which server an app connects through which protocol, and which algorithm it applies for encryption are usually encoded as variable values and arguments of API calls. However, extracting these values from an app is not trivial. The source code of an app is usually not available, and manual reverse engineering is cumbersome with binary sizes in the tens of megabytes. Current automated tools, on the other hand, cannot retrieve values that are computed at runtime through complex transformations. In this paper, we present ValDroid , a novel static analysis tool for automatically extracting the set of possible values for a given variable at a given statement in the Dalvik byte code of an Android app. We evaluate ValDroid against existing approaches (JSA, Violist, DroidRA, Harvester, BlueSeal, StringHound, IC3, COAL) on benchmarks and 794 real-world apps. ValDroid greatly outperforms existing tools. It provides an average F 1 score of more than 90%, while only requiring 0.1 seconds per value on average. For many data types including Network Connections and Dynamic Code Loading, its recall is more than twice the recall of the best existing approaches.

computer science, software engineering

Yi Zhong,Mengyu Shi,Youran Xu,Chunrong Fang,Zhenyu Chen

DOI: https://doi.org/10.1007/s11704-022-1658-8

IF: 2.6688

2023-01-01

Frontiers of Computer Science

Abstract:With the benefits of reducing time and workforce, automated testing has been widely used for the quality assurance of mobile applications (APPs). Compared with automated testing, manual testing can achieve higher coverage in complex interactive Activities. And the effectiveness of manual testing is highly dependent on the user operation process (UOP) of experienced testers. Based on the UOP, we propose an iterative Android automated testing (IAAT) method that automatically records, extracts, and integrates UOPs to guide the test logic of the tool across the complex Activity iteratively. The feedback test results can train the UOPs to achieve higher coverage in each iteration. We extracted 50 UOPs and conducted experiments on 10 popular mobile APPs to demonstrate IAAT’s effectiveness compared with Monkey and the initial automated tests. The experimental results show a noticeable improvement in the IAAT compared with the test logic without human knowledge. Under the 60 minutes test time, the average code coverage is improved by 13.98% to 37.83%, higher than the 27.48% of Monkey under the same conditions.

Amid Golmohammadi,Man Zhang,Andrea Arcuri

DOI: https://doi.org/10.1007/s11219-023-09645-1

2023-09-03

Software Quality Journal

Abstract:C# is one of the most widely used programming languages. However, to the best of our knowledge, there has been no work in the literature aimed at enabling search-based software testing techniques for applications running on the .NET platform, like the ones written in C#. In this paper, we propose a search-based approach and an open source tool to enable white-box testing for C# applications. The approach is integrated with a .NET bytecode instrumentation, in order to collect code coverage at runtime during the search. In addition, by taking advantage of Branch Distance , we define heuristics to better guide the search, e.g., how heuristically close it is to cover a branch in the source code. To empirically evaluate our technique, we integrated our tool into the EvoMaster test generation tool and conducted experiments on three .NET RESTful APIs as case studies. Results show that our technique significantly outperforms gray-box testing tools in terms of code coverage.

computer science, software engineering

Kris Heid,Jens Heider

DOI: https://doi.org/10.1145/3487405.3487652

2021-11-10

Abstract:Smartphones apps aid humans in plenty of situations. There exists an app for everything. However, without the user’s awareness, some apps contain vulnerabilities or leak private data. Static and dynamic app analysis are ways to find these software properties. Especially setting up a dynamic analysis environment is not a trivial task. Several peculiarities of Android have to be considered, existing tools for different aspects have to be evaluated, selected and setup to work together. Existing literature is often outdated and only covers tools for one aspect but doesn’t combine them together in a big picture. This paper presents a generic design for an automated dynamic app analysis environment and highlights the required components as well as functionality to reveal security and privacy issues. Available tools are listed, realizing different aspects of the proposed environment design. Tool features are evaluated and tool usability for an automated large scale dynamic app analysis is compared. This document should serve as a reference to all who need to implement dynamic analysis on Android (or some aspects) and require an overview of available and usable solutions.

Zhen Dong,Marcel Bohme,Lucia Cojocaru,Abhik Roychoudhury

DOI: https://doi.org/10.1145/3377811.3380402

2020-01-01

Abstract:Android testing tools generate sequences of input events to exercise the state space of the app-under-test. Existing search-based techniques systematically evolve a population of event sequences so as to achieve certain objectives such as maximal code coverage. The hope is that the mutation of fit event sequences leads to the generation of even fitter sequences. However, the evolution of event sequences may be ineffective. Our key insight is that pertinent app states which contributed to the original sequence's fitness may not be reached by a mutated event sequence. The original path through the state space is truncated at the point of mutation. In this paper, we propose instead to evolve a population of states which can be captured upon discovery and resumed when needed. The hope is that generating events on a fit program state leads to the transition to even fitter states. For instance, we can quickly deprioritize testing the main screen state which is visited by most event sequences, and instead focus our limited resources on testing more interesting states that are otherwise difficult to reach. We call our approach time-travel testing because of this ability to travel back to any state that has been observed in the past. We implemented time-travel testing into TimeMachine, a time-travel enabled version of the successful, automated Android testing tool Monkey. In our experiments on a large number of open- and closed source Android apps, TimeMachine outperforms the state-of-the-art search-based/model-based Android testing tools Sapienz and Stoat, both in terms of coverage achieved and crashes found.

Xiaodong Lin,Ting Chen,Tong Zhu,Kun Yang,Fengguo Wei

DOI: https://doi.org/10.1016/j.diin.2018.04.012

2018-01-01

Digital Investigation

Abstract:It is not uncommon that mobile phones are involved in criminal activities, e.g., the surreptitious collection of credit card information. Forensic analysis of mobile applications plays a crucial part in order to gather evidences against criminals. However, traditional forensic approaches, which are based on manual investigation, are not scalable to the large number of mobile applications. On the other hand, dynamic analysis is hard to automate due to the burden of setting up the proper runtime environment to accommodate OS differences and dependent libraries and activate all feasible program paths. We propose a fully automated tool, Fordroid for the forensic analysis of mobile applications on Android. Fordroid conducts inter-component static analysis on Android APKs and builds control flow and data dependency graphs. Furthermore, Fordroid identifies what and where information written in local storage with taint analysis. Data is located by traversing the graphs. This addresses several technique challenges, which include inter-component string propagation, string operations (e.g., append) and API invocations. Also, Fordroid identifies how the information is stored by parsing SQL commands, i.e., the structure of database tables. Finally, we selected 100 random Android applications consisting of 2841 components from four categories for evaluation. Analysis of all apps took 64 h. Fordroid discovered 469 paths in 36 applications that wrote sensitive information (e.g., GPS) to local storage. Furthermore, Fordroid successfully located where the information was written for 458 (98%) paths and identified the structure of all (22) database tables.

Minxue Pan,Yifei Lu,Yu Pei,Tian Zhang,Juan Zhai,Xuandong Li

2019-01-01

Abstract:7 The last decade has seen a vast proliferation of mobile apps. To improve the 8 reliability of such apps, various techniques have been developed to automatically 9 generate tests for them. While such techniques have been proven to be useful 10 in producing test suites that achieve significant levels of code coverage, there is 11 still enormous demand for techniques that effectively generate tests to exercise 12 more code and detect more bugs of apps. 13 We propose in this paper the Adamant approach to automated Android app 14 testing. Adamant utilizes models that incorporate valuable human knowledge 15 about the behaviours of the app under consideration to guide effective test 16 generation, and the models are encoded in an extended version of the Interaction 17 Flow Modeling Language (IFML). 18 In an experimental evaluation on 10 open source Android apps, Adamant 19 generated over 130 test actions per minute, achieved around 68% code coverage, 20 and exposed 8 real bugs, significantly outperforming other test generation tools 21 like Monkey, AndroidRipper, and Gator in terms of code covered and bugs 22 detected. 23

Mario Linares Vasquez,Carlos Bernal-Cardenas,Kevin Moran,Denys Poshyvanyk

DOI: https://doi.org/10.48550/arXiv.1801.06268

2018-01-19

Abstract:Enabling fully automated testing of mobile applications has recently become an important topic of study for both researchers and practitioners. A plethora of tools and approaches have been proposed to aid mobile developers both by augmenting manual testing practices and by automating various parts of the testing process. However, current approaches for automated testing fall short in convincing developers about their benefits, leading to a majority of mobile testing being performed manually. With the goal of helping researchers and practitioners - who design approaches supporting mobile testing - to understand developer's needs, we analyzed survey responses from 102 open source contributors to Android projects about their practices when performing testing. The survey focused on questions regarding practices and preferences of developers/testers in-the-wild for (i) designing and generating test cases, (ii) automated testing practices, and (iii) perceptions of quality metrics such as code coverage for determining test quality. Analyzing the information gleaned from this survey, we compile a body of knowledge to help guide researchers and professionals toward tailoring new automated testing approaches to the need of a diverse set of open source developers.

Software Engineering

Zhanshuai Meng,Yanyan Jiang,Chang Xu

DOI: https://doi.org/10.1145/2875913.2875937

2015-01-01

Abstract:Mobile apps are prevalent in everyone's daily life. However, apps are oftentimes defective, undermining their convenience, and therefore automated testing and analysis of apps are developed to enhance apps' quality. As these advanced technologies become increasingly effective and complicated, prototyping such a tool also becomes a challenge. To facilitate easy development of high-quality testing and analysis tools that work with real-world apps, we in this paper present the design and implementation of ATT (Android Testing Toolkit), for crafting reusable and scalable testing and analysis on Android apps. ATT consists of integrated tools and APIs for event generation, profiling and program instrumentation, and can be distributed over cloud platforms for scalable testing and analysis. We qualitatively evaluated the applicability of ATT by demonstrating implementation of a series of existing and enhanced work (RERAN, Monkey+ and UGA) upon ATT, and quantitatively studied the scalability of parallelized UGA on a cloud platform with five real-world apps. We believe that our ATT tool would facilitate development of more advanced testing and analysis approaches for Android apps.

Wenyu Wang,Dengfeng Li,Wei Yang,Yurui Cao,Zhenwen Zhang,Yuetang Deng,Tao Xie

DOI: https://doi.org/10.1145/3238147.3240465

2018-01-01

Abstract:User Interface (UI) testing is a popular approach to ensure the quality of mobile apps. Numerous test generation tools have been developed to support UI testing on mobile apps, especially for Android apps. Previous work evaluates and compares different test generation tools using only relatively simple open-source apps, while real-world industrial apps tend to have more complex functionalities and implementations. There is no direct comparison among test generation tools with regard to effectiveness and ease-of-use on these industrial apps. To address such limitation, we study existing state-of-the-art or state-of-the-practice test generation tools on 68 widely-used industrial apps. We directly compare the tools with regard to code coverage and fault-detection ability. According to our results, Monkey, a state-of-the-practice tool from Google, achieves the highest method coverage on 22 of 41 apps whose method coverage data can be obtained. Of all 68 apps under study, Monkey also achieves the highest activity coverage on 35 apps, while Stoat, a state-of-the-art tool, is able to trigger the highest number of unique crashes on 23 apps. By analyzing the experimental results, we provide suggestions for combining different test generation tools to achieve better performance. We also report our experience in applying these tools to industrial apps under study. Our study results give insights on how Android UI test generation tools could be improved to better handle complex industrial apps.