DOI: 10.1145/3533767.3534221
research-article
Artifacts Available / v1.1

PermDroid: automatically testing permission-related behaviour of Android applications

Published: 18 July 2022

ABSTRACT

The Android runtime permission model allows users to grant and revoke permissions at runtime. To verify the robustness of apps, developers have to test the apps repeatedly under a wide range of permission combinations, which is time-consuming and unsuited for regression testing. Existing app testing techniques are of limited help in this context, as they seldom consider different permission combinations explicitly. To address this issue, we present PermDroid to automatically test the permission-related behaviour of apps with permissions granted/revoked dynamically. PermDroid first statically constructs a state transition graph (STG) for the app; it then utilizes the STG for the permission-directed exploration to test permission-related behaviour only under the combinations of the relevant permissions. The experimental results on 50 real-world Android apps demonstrate the effectiveness and efficiency of PermDroid: the average permission-related API invocation coverage achieves 72.38% in 10 minutes, and seven permission-related bugs are uncovered, six of which are not detected by the competitors.

Published in

ISSTA 2022: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis
July 2022
808 pages
ISBN: 9781450393799
DOI: 10.1145/3533767

Copyright © 2022 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall Acceptance Rate: 58 of 213 submissions, 27%
