Automated Test Input Generation for Android: Are We There Yet?

Mobile applications, often simply called "apps", are increasingly widespread, and we use them daily to perform a number of activities. Like all software, apps must be adequately tested to gain confidence that they behave correctly. Therefore, in recent years, researchers and practitioners alike have begun to investigate ways to automate apps testing. In particular, because of Android's open source nature and its large share of the market, a great deal of research has been performed on input generation techniques for apps that run on the Android operating systems. At this point in time, there are in fact a number of such techniques in the literature, which differ in the way they generate inputs, the strategy they use to explore the behavior of the app under test, and the specific heuristics they use. To better understand the strengths and weaknesses of these existing approaches, and get general insight on ways they could be made more effective, in this paper we perform a thorough comparison of the main existing test input generation tools for Android. In our comparison, we evaluate the effectiveness of these tools, and their corresponding techniques, according to four metrics: code coverage, ability to detect faults, ability to work on multiple platforms, and ease of use. Our results provide a clear picture of the state of the art in input generation for Android apps and identify future research directions that, if suitably investigated, could lead to more effective and efficient testing tools for Android

Environment Modeling Using Runtime Values for JPF-Android

Software applications are developed to be executed in a specific environment. This environment includes external native libraries to add functionality to the application and drivers to fire the application execution. For testing and verification, the environment of an application is simplified abstracted using models or stubs. Empty stubs, returning default values, are simple to generate automatically, but they do not perform well when the application expects specific return values. Symbolic execution is used to find input parameters for drivers and return values for library stubs, but it struggles to detect the values of complex objects. In this work-in-progress paper, we explore an approach to generate drivers and stubs based on values collected during runtime instead of using default values. Entry-points and methods that need to be modeled are instrumented to log their parameters and return values. The instrumented applications are then executed using a driver and instrumented libraries. The values collected during runtime are used to generate driver and stub values on- the-fly that improve coverage during verification by enabling the execution of code that previously crashed or was missed. We are implementing this approach to improve the environment model of JPF-Android, our model checking and analysis tool for Android applications

Security checking experiments with mobile services

In this paper, we continue to investigate th

Towards model checking Android applications

As feature-rich Android applications (apps for short) are increasingly popularized in security-sensitive scenarios, methods to verify their security properties are highly desirable. Existing approaches on verifying Android apps often have limited effectiveness. For instance, static analysis often suffers from a high false-positive rate, whereas approaches based on dynamic testing are limited in coverage. In this work, we propose an alternative approach, which is to apply the software model checking technique to verify Android apps. We have built a general framework named DroidPF upon Java PathFinder (JPF), towards model checking Android apps. In the framework, we craft an executable mock-up Android OS which enables JPF to dynamically explore the concrete state spaces of the tested apps; we construct programs to generate user interaction and environmental input so as to drive the dynamic execution of the apps; and we introduce Android specific reduction techniques to help alleviate the state space explosion. DroidPF focuses on common security vulnerabilities in Android apps including sensitive data leakage involving a non-trivial flow- and context-sensitive taint-style analysis. DroidPF has been evaluated with 131 apps, which include real-world apps, third-party libraries, malware samples and benchmarks for evaluating app analysis techniques like ours. DroidPF precisely identifies nearly all of the previously known security issues and nine previously unreported vulnerabilities/bugs.NRF (Natl Research Foundation, S’pore

Mobile Learning Application with Cloud Computing

This project focuses on the development of M-Learning and Performance Tracking System at university level. The system provides mobility for the University students to do revision through the exercises and perform immediate tracking and analysis on the results. The project also served as a channel for students to access the latest information and news in the industry. The core problems that I had identified before I initiate this project are the immobility and limited features of current learning system which might causing the ineffective of learning among the university student. The inconvenience of the current system also included the trouble in checking their academic performance constantly from time to time. The primary goal of this research is to investigate the acceptability of the university students of m-learning, designing m-learning features that would help students to improve their academic performance, and develop the system which is able to cater the needs and meet the expectation of the students and lecturers. The methodology adapted in this project is phased development methodology that breaks the projects into 3 stages which are development of quizzes, development of performance tracking and last stage is the library function. The process involved planning, analysis, design, and last but not least implementation. As the result at the end of the project, the result found that the project is feasible with high acceptance level from the university students who believe that mobile learning is useful in learning. However more improvement has to be made on the project especially on the performance tracking method. For future development suggestions, we can adopt several methods in knowledge management in performance tracking to provide more accurate suggestions for the students. Cross platform can be achieved by adapting the HTML5 technology into the development. Cloud computing is important for the development of smartphone program with limited memory and capacity ability

Problems and Solutions in Mobile Application Testing

Mobiilirakenduste testimise alaste teadusartiklite arv on viimastel aastatel visalt suurenenud. Samas testivad vähesed mobiilirakendustega tegelevad teadlased oma oletusi ja lahendusi firmades. Selle lõputöö eesmärgiks on pakkuda ülevaade teaduskirjanduses mainitud mobiilirakenduste testimisega seotud probleemidest ja potentsiaalsetest lahendustest ning kõrvutada seda alal igapäevaselt tegutsevate professionaalide arvamusega. Kõigepealt viiakse selle töö käigus läbi teaduskirjanduse uuring probleemide ja potentsiaalsete lahenduste väljaselgitamiseks, misjärel intervjueeritakse kuue mobiilirakenduste testimisega tegeleva firma esindajaid, et välja selgitada, kas kirjelduses esile toodud probleemid on olulised ka tööstuses. Intervjuude tulemusena selgus, et kuigi firmad hindavad probleemide tähtsust väga erinevalt, on siiski olemas mõned võtmeprobleemid, mida peetakse oluliseks nii teaduses kui ka tööstuses. Samas on teaduskirjanduses pakutud lahendused tihti liiga teoreetilised, üldised või vananenud, et firmade esindajatele huvi pakkuda.In recent years the amount of scientific papers published on the topic of mobile applications has significantly increased. However, few researchers test their assumptions and solutions in industry. This thesis aims to provide an overview of what current scientific literature considers problems and potential solutions in mobile application testing, and compare it to opinions of industry professionals. A literature review is performed to extract the list of problems and potential solutions, after which representatives of six Estonian companies involved in the field are interviewed to verify whether the problems and solutions proposed in the literature are relevant for industry. The study reveals that while the relevance of each problem is highly variable from one company to another, there are some key problems that are generally considered vital both by research and industry. However, the solution concepts proposed by scientific literature are often too theoretical, general or outdated to be of much interest to industry professionals