3,151 research outputs found
StoryDroid: Automated Generation of Storyboard for Android Apps
Mobile apps are now ubiquitous. Before developing a new app, the development
team usually endeavors painstaking efforts to review many existing apps with
similar purposes. The review process is crucial in the sense that it reduces
market risks and provides inspiration for app development. However, manual
exploration of hundreds of existing apps by different roles (e.g., product
manager, UI/UX designer, developer) in a development team can be ineffective.
For example, it is difficult to completely explore all the functionalities of
the app in a short period of time. Inspired by the conception of storyboard in
movie production, we propose a system, StoryDroid, to automatically generate
the storyboard for Android apps, and assist different roles to review apps
efficiently. Specifically, StoryDroid extracts the activity transition graph
and leverages static analysis techniques to render UI pages to visualize the
storyboard with the rendered pages. The mapping relations between UI pages and
the corresponding implementation code (e.g., layout code, activity code, and
method hierarchy) are also provided to users. Our comprehensive experiments
unveil that StoryDroid is effective and indeed useful to assist app
development. The outputs of StoryDroid enable several potential applications,
such as the recommendation of UI design and layout code
Recommended from our members
Systems and methods for automated detection of application vulnerabilities
*/Board of Regents, University of Texas Syste
Target Directed Event Sequence Generation for Android Applications
Testing is a commonly used approach to ensure the quality of software, of
which model-based testing is a hot topic to test GUI programs such as Android
applications (apps). Existing approaches mainly either dynamically construct a
model that only contains the GUI information, or build a model in the view of
code that may fail to describe the changes of GUI widgets during runtime.
Besides, most of these models do not support back stack that is a particular
mechanism of Android. Therefore, this paper proposes a model LATTE that is
constructed dynamically with consideration of the view information in the
widgets as well as the back stack, to describe the transition between GUI
widgets. We also propose a label set to link the elements of the LATTE model to
program snippets. The user can define a subset of the label set as a target for
the testing requirements that need to cover some specific parts of the code. To
avoid the state explosion problem during model construction, we introduce a
definition "state similarity" to balance the model accuracy and analysis cost.
Based on this model, a target directed test generation method is presented to
generate event sequences to effectively cover the target. The experiments on
several real-world apps indicate that the generated test cases based on LATTE
can reach a high coverage, and with the model we can generate the event
sequences to cover a given target with short event sequences
Generating Predicate Callback Summaries for the Android Framework
One of the challenges of analyzing, testing and debugging Android apps is
that the potential execution orders of callbacks are missing from the apps'
source code. However, bugs, vulnerabilities and refactoring transformations
have been found to be related to callback sequences. Existing work on control
flow analysis of Android apps have mainly focused on analyzing GUI events. GUI
events, although being a key part of determining control flow of Android apps,
do not offer a complete picture. Our observation is that orthogonal to GUI
events, the Android API calls also play an important role in determining the
order of callbacks. In the past, such control flow information has been modeled
manually. This paper presents a complementary solution of constructing program
paths for Android apps. We proposed a specification technique, called Predicate
Callback Summary (PCS), that represents the callback control flow information
(including callback sequences as well as the conditions under which the
callbacks are invoked) in Android API methods and developed static analysis
techniques to automatically compute and apply such summaries to construct apps'
callback sequences. Our experiments show that by applying PCSs, we are able to
construct Android apps' control flow graphs, including inter-callback
relations, and also to detect infeasible paths involving multiple callbacks.
Such control flow information can help program analysis and testing tools to
report more precise results. Our detailed experimental data is available at:
http://goo.gl/NBPrKsComment: 11 page
Keeping Context In Mind: Automating Mobile App Access Control with User Interface Inspection
Recent studies observe that app foreground is the most striking component
that influences the access control decisions in mobile platform, as users tend
to deny permission requests lacking visible evidence. However, none of the
existing permission models provides a systematic approach that can
automatically answer the question: Is the resource access indicated by app
foreground? In this work, we present the design, implementation, and evaluation
of COSMOS, a context-aware mediation system that bridges the semantic gap
between foreground interaction and background access, in order to protect
system integrity and user privacy. Specifically, COSMOS learns from a large set
of apps with similar functionalities and user interfaces to construct generic
models that detect the outliers at runtime. It can be further customized to
satisfy specific user privacy preference by continuously evolving with user
decisions. Experiments show that COSMOS achieves both high precision and high
recall in detecting malicious requests. We also demonstrate the effectiveness
of COSMOS in capturing specific user preferences using the decisions collected
from 24 users and illustrate that COSMOS can be easily deployed on smartphones
as a real-time guard with a very low performance overhead.Comment: Accepted for publication in IEEE INFOCOM'201
Scene-Driven Exploration and GUI Modeling for Android Apps
Due to the competitive environment, mobile apps are usually produced under
pressure with lots of complicated functionality and UI pages. Therefore, it is
challenging for various roles to design, understand, test, and maintain these
apps. The extracted transition graphs for apps such as ATG, WTG, and STG have a
low transition coverage and coarse-grained granularity, which limits the
existing methods of graphical user interface (GUI) modeling by UI exploration.
To solve these problems, in this paper, we propose SceneDroid, a scene-driven
exploration approach to extracting the GUI scenes dynamically by integrating a
series of novel techniques including smart exploration, state fuzzing, and
indirect launching strategies. We present the GUI scenes as a scene transition
graph (SceneTG) to model the GUI of apps with high transition coverage and
fine? grained granularity. Compared with the existing GUI modeling tools,
SceneDroid has improved by 168.74% in the coverage of transition pairs and
162.42% in scene extraction. Apart from the effectiveness evaluation of
SceneDroid, we also illustrate the future potential of SceneDroid as a
fundamental capability to support app development, reverse engineering, and GUI
regression testing
Automated, Cost-effective, and Update-driven App Testing
Apps' pervasive role in our society led to the definition of test automation
approaches to ensure their dependability. However, state-of-the-art approaches
tend to generate large numbers of test inputs and are unlikely to achieve more
than 50% method coverage. In this paper, we propose a strategy to achieve
significantly higher coverage of the code affected by updates with a much
smaller number of test inputs, thus alleviating the test oracle problem. More
specifically, we present ATUA, a model-based approach that synthesizes App
models with static analysis, integrates a dynamically-refined state abstraction
function and combines complementary testing strategies, including (1) coverage
of the model structure, (2) coverage of the App code, (3) random exploration,
and (4) coverage of dependencies identified through information retrieval. Its
model-based strategy enables ATUA to generate a small set of inputs that
exercise only the code affected by the updates. In turn, this makes common test
oracle solutions more cost-effective as they tend to involve human effort. A
large empirical evaluation, conducted with 72 App versions belonging to nine
popular Android Apps, has shown that ATUA is more effective and less effort
intensive than state-of-the-art approaches when testing App updates
- …