
Analyses for specific defects in android applications: a survey

  • Review Article
Frontiers of Computer Science

Abstract

Android applications (apps) are in widespread use and have enriched our lives. To ensure the quality and security of apps, many approaches have been proposed in recent years for detecting bugs and defects in them, of which program analysis is a major one. This paper surveys existing work on the analysis of Android apps. We summarize the purposes and proposed techniques of existing approaches and build a taxonomy of these works, based on which we point out the trends and challenges of research in this field. From our survey, we sum up four main findings: (1) program analysis in the Android security field has gained particular attention in the past years, and the fields of functionality and performance should also gain proper attention; the infrastructure that supports detection of various defects should be enriched to meet the industry's needs; (2) many kinds of defects result from developers' misunderstanding or misuse of the characteristics and mechanisms of the Android system, thus works that can systematically collect and formalize Android recommendations are in demand; (3) various program analysis approaches with techniques from other fields are applied in analyzing Android apps; however, they can be improved with more precise techniques to be more applicable; (4) the fragmentation and evolution of the Android system hinder the usability of existing tools, which should be taken into consideration when developing new approaches.



Acknowledgements

The authors would like to thank the anonymous reviewers for their helpful comments and suggestions. This work was supported by the National Natural Science Foundation of China (Grant No. 61672505), the National Key Basic Research (973) Program of China (2014CB340701), and the Key Research Program of Frontier Sciences, Chinese Academy of Sciences (QYZDJ-SSW-JSC036).

Author information

Corresponding authors

Correspondence to Xi Deng or Jun Yan.

Additional information

Tianyong Wu received his BS and PhD degrees from Xiamen University (XMU), China in 2011 and University of Chinese Academy of Sciences (UCAS), China in 2017, respectively. His research interests include software test generation and static analysis.

Xi Deng received the BS degree from Wuhan University, China in 2015. She is currently working toward the PhD degree at the University of Chinese Academy of Sciences, China. Her research interests include software testing and static analysis.

Jun Yan received his BS degree from University of Science and Technology of China (USTC), China in 2001 and his PhD degree from University of Chinese Academy of Sciences (UCAS), China in 2007. He is now an associate research professor at the Institute of Software, Chinese Academy of Sciences (ISCAS), China. His research interests include program analysis and software testing. He is a senior member of China Computer Federation (CCF).

Jian Zhang is a research professor at the Institute of Software, Chinese Academy of Sciences (ISCAS), China. His main research interests include automated reasoning, constraint satisfaction, program analysis and software testing. He has served on the program committee of about 70 international conferences. He also serves on the editorial boards of several journals including Frontiers of Computer Science, Journal of Computer Science and Technology, IEEE Transactions on Reliability. He is a senior member of ACM, the IEEE, and a distinguished member of China Computer Federation (CCF).


About this article


Cite this article

Wu, T., Deng, X., Yan, J. et al. Analyses for specific defects in android applications: a survey. Front. Comput. Sci. 13, 1210–1227 (2019). https://doi.org/10.1007/s11704-018-7008-1


  • DOI: https://doi.org/10.1007/s11704-018-7008-1
