122 research outputs found

    Smartphone User Privacy Preserving through Crowdsourcing

    In current Android architecture, users have to decide whether an app is safe to use or not. Expert users can make savvy decisions to avoid unnecessary private data breach. However, the majority of regular users are not technically capable or do not care to consider privacy implications to make safe decisions. To assist the technically incapable crowd, we propose a permission control framework based on crowdsourcing. At its core, our framework runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or not the permission requests based on decisions from peer expert users. To seek expert users, we propose an expertise rating algorithm using a transitional Bayesian inference model. The recommendation is based on aggregated expert responses and their confidence level. As a complete framework design of the system, this thesis also includes a solution for Android app risks estimation based on behaviour analysis. To eliminate the negative impact from dishonest app owners, we also proposed a bot user detection to make it harder to utilize false recommendations through bot users to impact the overall recommendations. This work also covers a multi-view permission notification design to customize the app safety notification interface based on users' need and an app recommendation method to suggest safe and usable alternative apps to users.

    Context-Sensitive Code Completion

    Developers depend extensively on software frameworks and libraries to deliver the products on time. While these frameworks and libraries support software reuse, save development time, and reduce the possibility of introducing errors, they do not come without a cost. Developers need to learn and remember Application Programming Interfaces (APIs) for effectively using those frameworks and libraries. However, APIs are difficult to learn and use. This is mostly due to APIs being large in number, they may not be properly documented, and finally there exist complex relationships between various classes and methods that make APIs difficult to learn. To support developers using those APIs, this thesis focuses on the code completion feature of modern integrated development environments (IDEs). As a developer types code, a code completion system offers a list of completion proposals through a popup menu to navigate and select. This research aims to improve the current state of code completion systems in discovering APIs. Towards this direction, a case study on tracking source code lines has been conducted to better understand capturing code context and to evaluate the benefits of using the simhash technique. Observations from the study have helped to develop a simple, context-sensitive method call completion technique, called CSCC. The technique is compared with a large number of existing code completion techniques. The notion of context proposed in CSCC can even outweigh graph-based statistical language models. Existing method call completion techniques leave the task of completing method parameters to developers. To address this issue, this thesis has investigated how developers complete method parameters. Based on the analysis, a method parameter completion technique, called PARC, has been developed. To date, the technique supports the largest number of expressions to complete method parameters. 
The technique has been implemented as an Eclipse plug-in that demonstrates the proof of the concept. To meet application-specific requirements, software frameworks need to be customized via extension points. It was observed that developers often pass a framework related object as an argument to an API call to customize default aspects of application frameworks. To enable such customizations, the object can be created by extending a framework class, implementing an interface, or changing the properties of the object via API calls. However, it is both a common and non-trivial task to find all the details related to the customizations. To address this issue, a technique has been developed, called FEMIR. The technique utilizes partial program analysis and graph mining technique to detect, group, and rank framework extension examples. The tool extends existing code completion infrastructure to inform developers about customization choices, enabling them to browse through extension points of a framework, and frequent usages of each point in terms of code examples. Findings from this research and proposed techniques have the potential to help developers to learn different aspects of APIs, thus ease software development, and improve the productivity of developers.

    Assisting Developers and Users in Developing and Choosing Efficient Mobile Device Apps

    Mobile device applications play an important role in our lives today. Although energy consumption affects the battery life of mobile devices and limits their use, we use them almost everywhere, all the time, and for almost everything. With the exponential growth of the market for mobile device applications, developers have witnessed a radical change in the software development landscape. Mobile applications present new challenges in software design and implementation because of constraints on internal resources (such as battery, CPU, and memory) and external resources (data usage). Thus, traditional non-functional requirements, such as functionality and maintainability, have been eclipsed by performance. Researchers are actively studying the role of coding practices in energy consumption. However, CPU, memory, and network usage are also important performance measures. Although the hardware of mobile devices has improved considerably in recent years, new users are arriving who own low-end devices with limited data access. Developers must therefore manage resources carefully, because new markets account for a significant share of the new users coming online for the first time. The performance of mobile device applications is therefore a very important topic. Recent studies suggest that software engineers can help reduce energy consumption by taking into account the energy impact of their design and implementation decisions. But developers' decisions also affect CPU, memory, and network usage. 
Developers must also take performance into consideration when evolving the design of mobile device applications. The problem is that developers have no support for understanding the impact of their decisions on the performance of their apps. This problem also holds for mobile device users, who install apps without knowing whether more efficient alternatives exist. In this dissertation, we help developers and users learn more about the impact of their decisions on the performance of the applications they develop and consume. We want to help developers and users develop and choose efficient applications. We provide observations, techniques, and guidelines that will help developers make informed decisions to improve the performance of their applications. We also propose an approach that can complement mobile device application marketplaces so that they can help developers and users search for efficient applications. Our contribution is a valuable step towards the engineering of efficient software for mobile device applications and a benefit for mobile device users who want to use efficient applications. ABSTRACT: Mobile device applications (apps) play nowadays a central role in our life. Although energy consumption affects battery life of mobile devices and limits device use, we use them almost anywhere, all the time, and for almost everything. With the exponential growth of the market of mobile device apps in recent years, developers have witnessed a radical change in the landscape of software development. 
Mobile apps introduce new challenges in software design and implementation due to the constraints of internal resources (such as battery, CPU, and memory), as well as external resources (as data usage). Thus, traditional non-functional requirements, such as functionality and maintainability, have been overshadowed by performance. Researchers are actively investigating the role of coding practices on energy consumption. However, CPU, memory, and network usages are also important performance metrics. Although the hardware of mobile devices has considerably improved in recent years, emerging market users own low-end devices and have limited access to data connection. Therefore, developers should manage resources mindfully because emerging markets own a significant share of the new users coming on-line for the first time. Thus, the performance of mobile device apps is a very important topic. Recent studies suggest that software engineers can help reduce energy consumption by considering the energy impacts of their design and implementation decisions. But developers’ decisions also have an impact on CPU, memory, and network usages. So that, developers must take into account performance when evolving the design of mobile device apps. The problem is that mobile device app developers have no support to understand the impact of their decisions on their apps' performance. This problem is also true for mobile device users who install apps ignoring if there exist more efficient alternatives. In this dissertation we help developers and users to know more about the impact of their decisions on the performance of apps they develop and consume, respectively. Thus, we want to assist developers and users in developing and choosing, respectively, efficient mobile device apps. We provide observations, techniques, and guidelines to help developers make informed decisions to improve the performance of their apps. 
We also propose an approach to complement mobile device app marketplaces to assist developers and users to search for efficient apps. Our contribution is a valuable step towards efficient software engineering for mobile device apps and a benefit for mobile device users who want to use efficient apps.

    Holistic recommender systems for software engineering

    The knowledge possessed by developers is often not sufficient to overcome a programming problem. Short of talking to teammates, when available, developers often gather additional knowledge from development artifacts (e.g., project documentation), as well as online resources. The web has become an essential component in the modern developer’s daily life, providing a plethora of information from sources like forums, tutorials, Q&A websites, API documentation, and even video tutorials. Recommender Systems for Software Engineering (RSSE) provide developers with assistance to navigate the information space, automatically suggest useful items, and reduce the time required to locate the needed information. Current RSSEs consider development artifacts as containers of homogeneous information in form of pure text. However, text is a means to represent heterogeneous information provided by, for example, natural language, source code, interchange formats (e.g., XML, JSON), and stack traces. Interpreting the information from a pure textual point of view misses the intrinsic heterogeneity of the artifacts, thus leading to a reductionist approach. We propose the concept of Holistic Recommender Systems for Software Engineering (H-RSSE), i.e., RSSEs that go beyond the textual interpretation of the information contained in development artifacts. Our thesis is that modeling and aggregating information in a holistic fashion enables novel and advanced analyses of development artifacts. To validate our thesis we developed a framework to extract, model and analyze information contained in development artifacts in a reusable meta-information model. We show how RSSEs benefit from a meta-information model, since it enables customized and novel analyses built on top of our framework. 
The information can be thus reinterpreted from a holistic point of view, preserving its multi-dimensionality, and opening the path towards the concept of holistic recommender systems for software engineering.

    A Systematic Approach to Benchmark and Improve Automated Static Detection of Java-API Misuses

    Today's software industry relies heavily on the reuse of existing software libraries. Such libraries provide the building blocks for modern software products. Reusing them allows developers to focus on innovation, while standing on the shoulders of giants. To use libraries effectively, developers need to know the Application Programming Interfaces (APIs) through which they communicate with the libraries. This includes both the APIs' semantics and the (implicit) usage constraints that come with them. In the face of the rapidly growing and evolving supply of software libraries, this has become a challenging task. As a result, incorrect usages of APIs, or API misuses, are a prevalent cause of software bugs, crashes, and vulnerabilities. In reaction to this problem, researchers have proposed a multitude of developer-assistance tools. One particular class of such tools automates the detection of API misuses in software code. We call these tools API-misuse detectors. Existing misuse detectors address different aspects of API misuse. However, no attempt has been made to systematically define the problem space of API misuse and to assess the prevalence of API misuses compared to other types of bugs. This makes it impossible to judge the relevance of research on API-misuse detection. Moreover, previous empirical evaluations of misuse detectors commonly measure the detectors' precision. However, since the studies use different datasets, it is unclear to which extent the results are comparable. It is also unclear where the detectors make trade-offs between their precision and their recall. In this thesis, we first present a systematic analysis of the problem of API misuse. We find that API misuse causes 9.1% of all software bugs in real-world projects, including many critical issues, such as program crashes, data loss, and security vulnerabilities. 
Then, we survey the literature to consolidate over a decade of research on API-misuse detection and build MUBench, a public automated benchmark for API-misuse detectors. This enables us to conduct the first-ever qualitative and quantitative comparison of existing misuse detectors. We find that these detectors have the potential to discover many API misuses, but suffer from extremely low precision and recall in practice. Finally, we systematically design MUDetect, a new API-misuse detector that addresses many of the problems of existing detectors. Using MUBench, we demonstrate that MUDetect clearly outperforms existing detectors with respect to both precision and recall. Our results provide strong evidence that, following our systematic approach, we can develop API-misuse detectors that are fit for practical application.