research-article

Multiple-entry testing of Android applications by constructing activity launching contexts

Authors:
Jiwei Yan

Univ. of Chinese Academy of Sciences, Beijing, China

Univ. of Chinese Academy of Sciences, Beijing, China
View Profile

,
Hao Liu

Beijing University of Tech., China, Beijing, China

Beijing University of Tech., China, Beijing, China
View Profile

,
Linjie Pan

Univ. of Chinese Academy of Sciences, Beijing, China

Univ. of Chinese Academy of Sciences, Beijing, China
View Profile

,
Jun Yan

Univ. of Chinese Academy of Sciences, Beijing, China

Univ. of Chinese Academy of Sciences, Beijing, China
View Profile

,
Jian Zhang

Univ. of Chinese Academy of Sciences, Beijing, China

Univ. of Chinese Academy of Sciences, Beijing, China
View Profile

,
Bin Liang

Renmin University of China, Beijing, China

Renmin University of China, Beijing, China
View Profile

ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software EngineeringJune 2020Pages 457–468https://doi.org/10.1145/3377811.3380347

Published:01 October 2020Publication History

ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering

Pages 457–468

ABSTRACT

Existing GUI testing approaches of Android apps usually test apps from a single entry. In this way, the marginal activities far away from the default entry are difficult to be covered. The marginal activities may fail to be launched due to requiring a great number of activity transitions or involving complex user operations, leading to uneven coverage on activity components. Besides, since the test space of GUI programs is infinite, it is difficult to test activities under complete launching contexts using single-entry testing approaches.

In this paper, we address these issues by constructing activity launching contexts and proposing a multiple-entry testing framework. We perform an inter-procedural, flow-, context- and path-sensitive analysis to build activity launching models and generate complete launching contexts. By activity exposing and static analysis, we could launch activities directly under various contexts without performing long event sequence on GUI. Besides, to achieve an in-depth exploration, we design an adaptive exploration framework which supports the multiple-entry exploration and dynamically assigns weights to entries in each turn.

Our approach is implemented in a tool called Fax, with an activity launching strategy Fax_la and an exploration strategy Fax_ex. The experiments on 20 real-world apps show that Fax_la can cover 96.4% and successfully launch 60.6% activities, based on which Fax_ex further achieves a relatively 19.7% improvement on method coverage compared with the most popular tool Monkey. Our tool also behaves well in revealing hidden bugs. Fax can trigger over seven hundred unique crashes, including 180 Errors and 539 Warnings, which is significantly higher than those of other tools. Among the 46 bugs reported to developers on Github, 33 have been fixed up to now.

References

ADB shell - Android ADB Commands Manual. 2019. http://adbshell.com/. (2019).Google Scholar
Domenico Amalfitano, Anna Rita Fasolino, Porfirio Tramontana, Salvatore De Carmine, and Atif M. Memon. 2012. Using GUI ripping for automated testing of Android applications. In ASE 2012. 258--261.Google Scholar
Domenico Amalfitano, Anna Rita Fasolino, Porfirio Tramontana, Bryan Dzung Ta, and Atif M. Memon. 2015. MobiGUITAR: Automated Model-Based Testing of Mobile Apps. IEEE Software 32, 5 (2015), 53--59.Google ScholarDigital Library
Saswat Anand, Mayur Naik, Mary Jean Harrold, and Hongseok Yang. 2012. Automated concolic testing of smartphone apps. In SIGSOFT/FSE 2012. 1--11.Google Scholar
Ant. 2019. https://ant.apache.org/. (2019).Google Scholar
Apktool - A tool for reverse engineering. 2019. http://ibotpeaches.github.io/Apktool/. (2019).Google Scholar
Tanzirul Azim and Iulian Neamtiu. 2013. Targeted and depth-first exploration for systematic testing of Android apps. In OOPSLA 2013, part of SPLASH 2013. 641--660.Google ScholarDigital Library
Bundle | Android Developers. 2019. https://developer.android.com/reference/android/os/Bundle.html. (2019).Google Scholar
Wontae Choi, George C. Necula, and Koushik Sen. 2013. Guided GUI testing of Android apps with minimal restart and approximate learning. In OOPSLA 2013, part of SPLASH 2013. 623--640.Google ScholarDigital Library
Shauvik Roy Choudhary, Alessandra Gorla, and Alessandro Orso. 2015. Automated Test Input Generation for Android: Are We There Yet?. In ASE 2015. 429--440.Google ScholarDigital Library
Leonardo Mendonça de Moura and Nikolaj Bjørner. 2008. Z3: An Efficient SMT Solver. In ETAPS 2008. 337--340.Google ScholarCross Ref
F-Droid. 2019. https://f-droid.org/. (2019).Google Scholar
Fax. 2019. https://github.com/hanada31/Fax. (2019).Google Scholar
Xiang Gao, Shin Hwei Tan, Zhen Dong, and Abhik Roychoudhury. 2018. Android testing via synthetic symbolic execution. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, ASE 2018. 419--429.Google ScholarDigital Library
Tianxiao Gu, Chengnian Sun, Xiaoxing Ma, Chun Cao, Chang Xu, Yuan Yao, Qirun Zhang, Jian Lu, and Zhendong Su. 2019. Practical GUI testing of Android applications via model abstraction and refinement. In ICSE 2019. 269--280.Google ScholarDigital Library
Shuai Hao, Bin Liu, Suman Nath, William G. J. Halfond, and Ramesh Govindan. 2014. PUMA: programmable UI-automation for large-scale dynamic analysis of mobile apps. In MobiSys 2014. 204--217.Google ScholarDigital Library
Cuixiong Hu and Iulian Neamtiu. 2011. Automating GUI testing for Android applications. In AST 2011. 77--83.Google ScholarDigital Library
Intent Fuzzer. 2019. https://www.nccgroup.trust/us/our-research/intent-fuzzer/. (2019).Google Scholar
IntentBench. 2019. https://github.com/hanada31/Fax/tree/master/IntentBench. (2019).Google Scholar
Intents and Intent Filters | Android Developers. 2016. https://developer.android.com/guide/components/intents-filters.html. (2016).Google Scholar
Java Path Finder. 2019. http://javapathfinder.sourceforge.net/. (2019).Google Scholar
Casper Svenning Jensen, Mukul R. Prasad, and Anders Møller. 2013. Automated testing with targeted event sequence generation. In ISSTA 2013. 67--77.Google ScholarDigital Library
Jierui Liu, Tianyong Wu, Jun Yan, and Jian Zhang. 2017. InsDal: A safe and extensible instrumentation tool on Dalvik byte-code for Android applications. In IEEE 24th International Conference on Software Analysis, Evolution and Reengineering, SANER 2017. 502--506.Google ScholarCross Ref
Aravind Machiry, Rohan Tahiliani, and Mayur Naik. 2013. Dynodroid: an input generation system for Android apps. In ESEC/FSE 2013. 224--234.Google ScholarDigital Library
Riyadh Mahmood, Naeem Esfahani, Thabet Kacem, Nariman Mirzaei, Sam Malek, and Angelos Stavrou. 2012. A whitebox approach for automated security testing of Android applications on the cloud. In AST 2012. 22--28.Google ScholarCross Ref
Amiya Kumar Maji, Fahad A. Arshad, Saurabh Bagchi, and Jan S. Rellermeyer. 2012. An empirical study of the robustness of Inter-component Communication in Android. In DSN 2012. 1--12.Google Scholar
Ke Mao, Mark Harman, and Yue Jia. 2016. Sapienz: multi-objective automated testing for Android applications. In Proceedings of the 25th International Symposium on Software Testing and Analysis, ISSTA, 2016. 94--105.Google ScholarDigital Library
Nariman Mirzaei, Joshua Garcia, Hamid Bagheri, Alireza Sadeghi, and Sam Malek. 2016. Reducing combinatorics in GUI testing of android applications. In ICSE 2016. 559--570.Google ScholarDigital Library
Monkey. 2019. https://developer.android.com/studio/test/monkey. (2019).Google Scholar
Nielson, Flemming, Hanne R. Nielson, and Chris Hankin. 2015. Principles of program analysis. Springer.Google Scholar
Damien Octeau, Daniel Luchaup, Matthew Dering, Somesh Jha, and Patrick McDaniel. 2015. Composite Constant Propagation: Application to Android Inter-Component Communication Analysis. In ICSE 2015. 77--88.Google ScholarDigital Library
Issuse of AnkiDroid. 2019. https://github.com/ankidroid/Anki-Android/issues/5401. (2019).Google Scholar
Issuse of AntennaPod. 2019. https://github.com/AntennaPod/AntennaPod/issues/3304. (2019).Google Scholar
Issuse of Conversations. 2019. https://github.com/siacs/Conversations/issues/3512. (2019).Google Scholar
Issuse of EteSync. 2019. https://github.com/etesync/android/issues/84. (2019).Google Scholar
Issuse of iNaturalist. 2019. https://github.com/inaturalist/iNaturalistAndroid/issues/684. (2019).Google Scholar
Issuse of K9Mail. 2019. https://github.com/k9mail/k-9/issues/4160. (2019).Google Scholar
Issuse of Padland. 2019. https://github.com/mikifus/padland/issues/54. (2019).Google Scholar
Issuse of PassAndroid. 2019. https://github.com/ligi/PassAndroid/issues/228. (2019).Google Scholar
Issuse of SuntimesWidget. 2019. https://github.com/forrestguice/SuntimesWidget/issues/353. (2019).Google Scholar
Issuse of Synthing. 2019. https://github.com/syncthing/syncthing-android/issues/1382. (2019).Google Scholar
K9Mail on Github. 2019. https://github.com/k9mail/k-9/tree/GH-701_fix_special_use_folders_with_prefix. (2019).Google Scholar
Linjie Pan, Baoquan Cui, Jiwei Yan, Xutong Ma, Jun Yan, and Jian Zhang. 2019. Androlic: an extensible flow, context, object, field, and path-sensitive static analysis framework for Android. In ISSTA 2019. 394--397.Google ScholarDigital Library
Siegfried Rasthofer, Steven Arzt, Stefan Triller, and Michael Pradel. 2017. Making malory behave maliciously: targeted fuzzing of android execution environments. In ICSE 2017. 300--311.Google ScholarDigital Library
Raimondas Sasnauskas and John Regehr. 2014. Intent fuzzer: crafting intents of death. In WODA+PERTEA 2014. 1--5.Google ScholarDigital Library
Soot. 2019. http://www.bodden.de/2008/09/22/soot-intra. (2019).Google Scholar
Java String. 2019. https://docs.oracle.com/javase/8/docs/api/java/lang/String.html. (2019).Google Scholar
Ting Su, Guozhu Meng, Yuting Chen, Ke Wu, Weiming Yang, Yao Yao, Geguang Pu, Yang Liu, and Zhendong Su. 2017. Guided, stochastic model-based GUI testing of Android apps. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering, ESEC/FSE, 2017. 245--256.Google ScholarDigital Library
Sutton, Michael, Adam Greene, and Pedram Amini. 2007. Fuzzing: brute force vulnerability discovery. Pearson Education.Google Scholar
Cong Tian, Congli Xia, and Zhenhua Duan. 2018. Android inter-component communication analysis with intent revision. In ICSE 2018. 254--255.Google ScholarDigital Library
IntentFuzzer Tool. 2019. https://github.com/MindMac/IntentFuzzer. (2019).Google Scholar
Heila van der Merwe, Brink van der Merwe, and Willem Visser. 2012. Verifying android applications using Java PathFinder. ACM SIGSOFT Software Engineering Notes 37, 6 (2012), 1--5.Google ScholarDigital Library
Jue Wang, Yanyan Jiang, Chang Xu, Xiaoxing Ma, and Jian Lu. 2019. Automatic test-input generation for Android applications (in Chinese). SCIENCE CHINA Informationis 49, 10 (2019), 1234--1266. Google ScholarCross Ref
Tianyong Wu, Xi Deng, Jun Yan, and Jian Zhang. 2019. Analyses for specific defects in android applications: a survey. Frontiers Comput. Sci. 13, 6 (2019), 1210--1227.Google ScholarDigital Library
Jiwei Yan, Xi Deng, Ping Wang, Tianyong Wu, Jun Yan, and Jian Zhang. 2018. Characterizing and identifying misexposed activities in Android applications. In ASE 2018. 691--701.Google ScholarDigital Library
Kun Yang, Jianwei Zhuge, Yongke Wang, Lujue Zhou, and Hai-Xin Duan. 2014. IntentFuzzer: detecting capability leaks of android applications. In ASIA CCS 2014. 531--536.Google ScholarDigital Library
Shengqian Yang, Hailong Zhang, Haowei Wu, Yan Wang, Dacong Yan, and Atanas Rountev. 2015. Static Window Transition Graphs for Android. In ASE 2015. 658--668.Google Scholar
Wei Yang, Mukul R. Prasad, and Tao Xie. 2013. A Grey-Box Approach for Automated GUI-Model Generation of Mobile Applications. In ETAPS 2013. 250--265.Google ScholarDigital Library
Hui Ye, Shaoyin Cheng, Lanbo Zhang, and Fan Jiang. 2013. DroidFuzzer: Fuzzing the Android Apps with Intent-Filter Tag. In MoMM 2013. 68--74.Google Scholar
Xia Zeng, Dengfeng Li, Wujie Zheng, Fan Xia, Yuetang Deng, Wing Lam, Wei Yang, and Tao Xie. 2016. Automated test input generation for Android: are we really there yet in an industrial case?. In FSE 2016. 987--992.Google ScholarDigital Library
Yunhui Zheng, Xiangyu Zhang, and Vijay Ganesh. 2013. Z3-str: a z3-based string solver for web application analysis. In ESEC/FSE 2013. 114--124.Google ScholarDigital Library

Index Terms

Multiple-entry testing of Android applications by constructing activity launching contexts
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging

Recommendations

Systematic Exploration of Android Apps' Events for Automated Testing
MoMM '16: Proceedings of the 14th International Conference on Advances in Mobile Computing and Multi Media

The popularity of mobile devices is ever increasing which led to rapid increase in the development of mobile applications. GUI testing has been an effective means of validating Android apps. However, it still suffers a strong challenge about how to ...
Read More
HybriDroid: static analysis framework for Android hybrid applications
ASE '16: Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering

Mobile applications (apps) have long invaded the realm of desktop apps, and hybrid apps become a promising solution for supporting multiple mobile platforms. Providing both platform-specific functionalities via native code like native apps and user ...
Read More
Quantitative Security Risk Assessment of Android Permissions and Applications
DBSec 2013: Proceedings of the 27th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXVII - Volume 7964

The booming of the Android platform in recent years has attracted the attention of malware developers. However, the permissions-based model used in Android system to prevent the spread of malware, has shown to be ineffective. In this paper, we propose ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering
June 2020
1640 pages
ISBN:9781450371216
DOI:10.1145/3377811
General Chairs:
Gregg Rothermel
North Carolina State University
,
Doo-Hwan Bae
KAIST, South Korea
Copyright © 2020 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 October 2020
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Badges
- Artifacts Available / v1.1
Author Tags
Android app
ICC
multiple-entry testing
static analysis
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate276of1,856submissions,15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 21
  Total Citations
  View Citations
- 310
  Total Downloads
- Downloads (Last 12 months)57
- Downloads (Last 6 weeks)4
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Multiple-entry testing of Android applications by constructing activity launching contexts

ICSE '20: Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering

ABSTRACT

References

Cited By

Index Terms

Recommendations

Systematic Exploration of Android Apps' Events for Automated Testing

HybriDroid: static analysis framework for Android hybrid applications

Quantitative Security Risk Assessment of Android Permissions and Applications