Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection

Recent studies observe that app foreground is the most striking component that influences the access control decisions in mobile platform, as users tend to deny permission requests lacking visible evidence. However, none of the existing permission models provides a systematic approach that can automatically answer the question: Is the resource access indicated by app foreground? In this work, we present the design, implementation, and evaluation of COSMOS, a context-aware mediation system that bridges the semantic gap between foreground interaction and background access, in order to protect system integrity and user privacy. Specifically, COSMOS learns from a large set of apps with similar functionalities and user interfaces to construct generic models that detect the outliers at runtime. It can be further customized to satisfy specific user privacy preference by continuously evolving with user decisions. Experiments show that COSMOS achieves both high precision and high recall in detecting malicious requests. We also demonstrate the effectiveness of COSMOS in capturing specific user preferences using the decisions collected from 24 users and illustrate that COSMOS can be easily deployed on smartphones as a real-time guard with a very low performance overhead.Comment: Accepted for publication in IEEE INFOCOM'201

Automated Test Input Generation for Android: Are We There Yet?

Mobile applications, often simply called "apps", are increasingly widespread, and we use them daily to perform a number of activities. Like all software, apps must be adequately tested to gain confidence that they behave correctly. Therefore, in recent years, researchers and practitioners alike have begun to investigate ways to automate apps testing. In particular, because of Android's open source nature and its large share of the market, a great deal of research has been performed on input generation techniques for apps that run on the Android operating systems. At this point in time, there are in fact a number of such techniques in the literature, which differ in the way they generate inputs, the strategy they use to explore the behavior of the app under test, and the specific heuristics they use. To better understand the strengths and weaknesses of these existing approaches, and get general insight on ways they could be made more effective, in this paper we perform a thorough comparison of the main existing test input generation tools for Android. In our comparison, we evaluate the effectiveness of these tools, and their corresponding techniques, according to four metrics: code coverage, ability to detect faults, ability to work on multiple platforms, and ease of use. Our results provide a clear picture of the state of the art in input generation for Android apps and identify future research directions that, if suitably investigated, could lead to more effective and efficient testing tools for Android

Strategy Patterns for Evaluating and Improving Usability

Patterns have had significant impact in many disciplines, particularly in software and web engineering, and we believe that they also provide a basis for selecting evaluation strategies via practical tips and tricks that can be easily adopted for evaluation and change projects. In this paper, we propose a holistic quality evaluation approach for usability and user experience (UX), which relies on quality views and strategy patterns. A quality view relates accordingly an entity super-category (e.g., product, system, system in use) with a quality focus (e.g., internal quality, external quality, quality in use). Usability and user experience are higher-level characteristics that should be linked to quality views appropriately. Also quality views support ‘influences’ and ‘depends on’ relationships between them. With a concrete evaluation or change project goal, our approach selects and instantiates a suitable strategy from a set of strategy patterns. Practical use of our approach is demonstrated through the specification and use of a strategy pattern in the evaluation of the Facebook mobile app.Sociedad Argentina de Informática e Investigación Operativa (SADIO

Strategy Patterns for Evaluating and Improving Usability

Patterns have had significant impact in many disciplines, particularly in software and web engineering, and we believe that they also provide a basis for selecting evaluation strategies via practical tips and tricks that can be easily adopted for evaluation and change projects. In this paper, we propose a holistic quality evaluation approach for usability and user experience (UX), which relies on quality views and strategy patterns. A quality view relates accordingly an entity super-category (e.g., product, system, system in use) with a quality focus (e.g., internal quality, external quality, quality in use). Usability and user experience are higher-level characteristics that should be linked to quality views appropriately. Also quality views support ‘influences’ and ‘depends on’ relationships between them. With a concrete evaluation or change project goal, our approach selects and instantiates a suitable strategy from a set of strategy patterns. Practical use of our approach is demonstrated through the specification and use of a strategy pattern in the evaluation of the Facebook mobile app.Sociedad Argentina de Informática e Investigación Operativa (SADIO

Translating Video Recordings of Mobile App Usages into Replayable Scenarios

Screen recordings of mobile applications are easy to obtain and capture a wealth of information pertinent to software developers (e.g., bugs or feature requests), making them a popular mechanism for crowdsourced app feedback. Thus, these videos are becoming a common artifact that developers must manage. In light of unique mobile development constraints, including swift release cycles and rapidly evolving platforms, automated techniques for analyzing all types of rich software artifacts provide benefit to mobile developers. Unfortunately, automatically analyzing screen recordings presents serious challenges, due to their graphical nature, compared to other types of (textual) artifacts. To address these challenges, this paper introduces V2S, a lightweight, automated approach for translating video recordings of Android app usages into replayable scenarios. V2S is based primarily on computer vision techniques and adapts recent solutions for object detection and image classification to detect and classify user actions captured in a video, and convert these into a replayable test scenario. We performed an extensive evaluation of V2S involving 175 videos depicting 3,534 GUI-based actions collected from users exercising features and reproducing bugs from over 80 popular Android apps. Our results illustrate that V2S can accurately replay scenarios from screen recordings, and is capable of reproducing $\approx$ 89% of our collected videos with minimal overhead. A case study with three industrial partners illustrates the potential usefulness of V2S from the viewpoint of developers.Comment: In proceedings of the 42nd International Conference on Software Engineering (ICSE'20), 13 page

User-Customizable Web Components for Building One-Page Sites

Most of online website builders work by combining and customizing reusable HTML modules. This approach could rise the risk of conflicts among modules. The World Wide Web Consortium (W3C) is writing the specification of Web Components. This standard provides a browser-native solution in order to realize encapsulated Document Object Model (DOM) elements, in which the Cascading Style Sheets (CSS) and JavaScript scope is locally bound and the interaction with the document is strictly designed by the component author. Upon this standard, libraries have been built, Google’s Polymer being an example, which provide a declarative and easy way to realize Components. In this paper, we provide a solution to the module approach limit in website builders by using Web Components as modules that are customizable by the end user. Our approach uses standard web technologies that modern browsers are natively supporting. We describe how a customizable Web Component is designed and how to bind their options with the generator UI. Furthermore, we will show an application of this approach in a Landing Page generator. We demonstrate that the generator could import again the generated HyperText Markup Language (HTML) and edit it, without any intermediary data structure (i.e., eXtensible Markup Language, XML or JavaScript Object Notation, Json). Finally, we outline further future development of this approach