Verification of Android Applications

This study investigates an alternative approach to analyzing Android applications using model checking. We develop an extension to Java PathFinder (JPF) called JPF-Android to verify Android applications outside of the Android platform. JPF is a powerful Java model checker and analysis engine whose fine-grained analysis capabilities make it very effective at detecting corner-case and hard-to-find errors. JPF-Android provides a simplified model of the Android application framework on which an Android application can run. It can generate input events, or parse an input script containing sequences of input events, to drive the execution of the application. JPF-Android traverses all execution paths of the application by simulating these input events and can detect common property violations such as deadlocks and runtime exceptions in Android applications. It also introduces user-defined execution specifications called Checklists to verify the flow of application execution.
