2,272 research outputs found
Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection
Recent studies observe that app foreground is the most striking component
that influences the access control decisions in mobile platform, as users tend
to deny permission requests lacking visible evidence. However, none of the
existing permission models provides a systematic approach that can
automatically answer the question: Is the resource access indicated by app
foreground? In this work, we present the design, implementation, and evaluation
of COSMOS, a context-aware mediation system that bridges the semantic gap
between foreground interaction and background access, in order to protect
system integrity and user privacy. Specifically, COSMOS learns from a large set
of apps with similar functionalities and user interfaces to construct generic
models that detect the outliers at runtime. It can be further customized to
satisfy specific user privacy preference by continuously evolving with user
decisions. Experiments show that COSMOS achieves both high precision and high
recall in detecting malicious requests. We also demonstrate the effectiveness
of COSMOS in capturing specific user preferences using the decisions collected
from 24 users and illustrate that COSMOS can be easily deployed on smartphones
as a real-time guard with a very low performance overhead.Comment: Accepted for publication in IEEE INFOCOM'201
Automated Test Input Generation for Android: Are We There Yet?
Mobile applications, often simply called "apps", are increasingly widespread,
and we use them daily to perform a number of activities. Like all software,
apps must be adequately tested to gain confidence that they behave correctly.
Therefore, in recent years, researchers and practitioners alike have begun to
investigate ways to automate apps testing. In particular, because of Android's
open source nature and its large share of the market, a great deal of research
has been performed on input generation techniques for apps that run on the
Android operating systems. At this point in time, there are in fact a number of
such techniques in the literature, which differ in the way they generate
inputs, the strategy they use to explore the behavior of the app under test,
and the specific heuristics they use. To better understand the strengths and
weaknesses of these existing approaches, and get general insight on ways they
could be made more effective, in this paper we perform a thorough comparison of
the main existing test input generation tools for Android. In our comparison,
we evaluate the effectiveness of these tools, and their corresponding
techniques, according to four metrics: code coverage, ability to detect faults,
ability to work on multiple platforms, and ease of use. Our results provide a
clear picture of the state of the art in input generation for Android apps and
identify future research directions that, if suitably investigated, could lead
to more effective and efficient testing tools for Android
Strategy Patterns for Evaluating and Improving Usability
Patterns have had significant impact in many disciplines, particularly in software and web engineering, and we believe that they also provide a basis for selecting evaluation strategies via practical tips and tricks that can be easily adopted for evaluation and change projects. In this paper, we propose a holistic quality evaluation approach for usability and user experience (UX), which relies on quality views and strategy patterns. A quality view relates accordingly an entity super-category (e.g., product, system, system in use) with a quality focus (e.g., internal quality, external quality, quality in use). Usability and user experience are higher-level characteristics that should be linked to quality views appropriately. Also quality views support ‘influences’ and ‘depends on’ relationships between them. With a concrete evaluation or change project goal, our approach selects and instantiates a suitable strategy from a set of strategy patterns. Practical use of our approach is demonstrated through the specification and use of a strategy pattern in the evaluation of the Facebook mobile app.Sociedad Argentina de Informática e Investigación Operativa (SADIO
Strategy Patterns for Evaluating and Improving Usability
Patterns have had significant impact in many disciplines, particularly in software and web engineering, and we believe that they also provide a basis for selecting evaluation strategies via practical tips and tricks that can be easily adopted for evaluation and change projects. In this paper, we propose a holistic quality evaluation approach for usability and user experience (UX), which relies on quality views and strategy patterns. A quality view relates accordingly an entity super-category (e.g., product, system, system in use) with a quality focus (e.g., internal quality, external quality, quality in use). Usability and user experience are higher-level characteristics that should be linked to quality views appropriately. Also quality views support ‘influences’ and ‘depends on’ relationships between them. With a concrete evaluation or change project goal, our approach selects and instantiates a suitable strategy from a set of strategy patterns. Practical use of our approach is demonstrated through the specification and use of a strategy pattern in the evaluation of the Facebook mobile app.Sociedad Argentina de Informática e Investigación Operativa (SADIO
Translating Video Recordings of Mobile App Usages into Replayable Scenarios
Screen recordings of mobile applications are easy to obtain and capture a
wealth of information pertinent to software developers (e.g., bugs or feature
requests), making them a popular mechanism for crowdsourced app feedback. Thus,
these videos are becoming a common artifact that developers must manage. In
light of unique mobile development constraints, including swift release cycles
and rapidly evolving platforms, automated techniques for analyzing all types of
rich software artifacts provide benefit to mobile developers. Unfortunately,
automatically analyzing screen recordings presents serious challenges, due to
their graphical nature, compared to other types of (textual) artifacts. To
address these challenges, this paper introduces V2S, a lightweight, automated
approach for translating video recordings of Android app usages into replayable
scenarios. V2S is based primarily on computer vision techniques and adapts
recent solutions for object detection and image classification to detect and
classify user actions captured in a video, and convert these into a replayable
test scenario. We performed an extensive evaluation of V2S involving 175 videos
depicting 3,534 GUI-based actions collected from users exercising features and
reproducing bugs from over 80 popular Android apps. Our results illustrate that
V2S can accurately replay scenarios from screen recordings, and is capable of
reproducing 89% of our collected videos with minimal overhead. A case
study with three industrial partners illustrates the potential usefulness of
V2S from the viewpoint of developers.Comment: In proceedings of the 42nd International Conference on Software
Engineering (ICSE'20), 13 page
User-Customizable Web Components for Building One-Page Sites
Most of online website builders work by combining and customizing reusable HTML modules. This approach could rise the risk of conflicts among modules. The World Wide Web Consortium (W3C) is writing the specification of
Web Components. This standard provides a browser-native solution in order to realize encapsulated Document Object Model (DOM) elements, in which the Cascading Style Sheets (CSS) and JavaScript scope is locally bound and the interaction with the document is strictly designed by the component author. Upon this standard, libraries have been built, Google’s Polymer being an example, which provide a declarative and easy way to realize Components. In this paper, we provide a solution to the module approach limit in website builders by using Web Components as modules that are customizable by the end user. Our approach uses standard web technologies that modern browsers are natively supporting. We describe how a customizable Web Component is designed and how to bind their options with the generator UI. Furthermore, we will show an application of this approach in a Landing Page generator. We demonstrate that the generator could import again the generated HyperText Markup Language (HTML) and edit it, without any intermediary data structure (i.e., eXtensible Markup
Language, XML or JavaScript Object Notation, Json). Finally, we outline further future development of this approach
- …