Static Control-Flow Analysis of User-Driven Callbacks in Android Applications

Android software presents many challenges for static program analysis. In this work we focus on the fundamental problem of static control-flow analysis. Traditional analyses cannot be directly applied to Android because the applications are framework-based and event-driven. We consider user-event-driven components and the related sequences of callbacks from the Android framework to the application code, both for lifecycle callbacks and for event handler callbacks. We propose a program representation that captures such callback sequences. This representation is built using context-sensitive static analysis of callback methods. The analysis performs graph reachability by traversing context-compatible interprocedural control-flow paths and identifying statements that may trigger callbacks, as well as paths that avoid such statements. We also develop a client analysis that builds a static model of the application's GUI. Experimental evaluation shows that this context-sensitive approach leads to substantial precision improvements, while having practical cost.

[1]  Peng Wang,et al.  AsDroid: detecting stealthy behaviors in Android applications by user interface and program behavior contradiction , 2014, ICSE.

[2]  Atanas Rountev,et al.  Interprocedural Dataflow Analysis in the Presence of Large Libraries , 2006, CC.

[3]  Atif M. Memon,et al.  GUI ripping: reverse engineering of graphical user interfaces for testing , 2003, 10th Working Conference on Reverse Engineering, 2003. WCRE 2003. Proceedings..

[4]  J. Foster,et al.  SCanDroid: Automated Security Certification of Android , 2009 .

[5]  Peng Wang,et al.  Automatic Android GUI Traversal with High Coverage , 2014, 2014 Fourth International Conference on Communication Systems and Network Technologies.

[6]  David A. Wagner,et al.  Analyzing inter-application communication in Android , 2011, MobiSys '11.

[7]  Matthew Might,et al.  Sound and precise malware analysis for android via pushdown reachability and entry-point saturation , 2013, SPSM '13.

[8]  Iulian Neamtiu,et al.  Targeted and depth-first exploration for systematic testing of android apps , 2013, OOPSLA.

[9]  Wenke Lee,et al.  CHEX: statically vetting Android apps for component hijacking vulnerabilities , 2012, CCS.

[10]  V. Rich Personal communication , 1989, Nature.

[11]  Mukul R. Prasad,et al.  Automated testing with targeted event sequence generation , 2013, ISSTA.

[12]  Sebastian G. Elbaum,et al.  Amplifying tests to validate exception handling code , 2012, 2012 34th International Conference on Software Engineering (ICSE).

[13]  Thomas W. Reps,et al.  Precise Interprocedural Dataflow Analysis with Applications to Constant Propagation , 1995, TAPSOFT.

[14]  Yajin Zhou,et al.  Systematic Detection of Capability Leaks in Stock Android Smartphones , 2012, NDSS.

[15]  Atanas Rountev,et al.  Systematic testing for resource leaks in Android applications , 2013, 2013 IEEE 24th International Symposium on Software Reliability Engineering (ISSRE).

[16]  Tao Xie,et al.  A Grey-Box Approach for Automated GUI-Model Generation of Mobile Applications , 2013, FASE.

[17]  Atanas Rountev,et al.  Testing for poor responsiveness in android applications , 2013, 2013 1st International Workshop on the Engineering of Mobile-Enabled Systems (MOBS).

[18]  Jacques Klein,et al.  Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis , 2013 .

[19]  Avik Chaudhuri,et al.  SCanDroid: Automated Security Certification of Android , 2009 .

[20]  Étienne Payet,et al.  Static Analysis of Android Programs , 2011, CADE.

[21]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[22]  Atif M. Memon,et al.  An event‐flow model of GUI‐based applications for testing , 2007, Softw. Test. Verification Reliab..

[23]  Michael D. Ernst,et al.  Finding errors in multithreaded GUI applications , 2012, ISSTA 2012.

[24]  Isil Dillig,et al.  Apposcopy: semantics-based detection of Android malware through static analysis , 2014, SIGSOFT FSE.

[25]  Étienne Payet,et al.  An operational semantics for android activities , 2014, PEPM '14.

[26]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[27]  Dacong Yan,et al.  Program Analyses for Understanding the Behavior and Performance of Traditional and Mobile Object-Oriented Software , 2014 .

[28]  Guofei Gu,et al.  SmartDroid: an automatic system for revealing UI-based trigger conditions in android applications , 2012, SPSM '12.

[29]  Ondrej Lhoták,et al.  Pick your contexts well: understanding object-sensitivity , 2011, POPL '11.

[30]  Atif M. Memon,et al.  Studying the fault-detection effectiveness of GUI test cases for rapidly evolving software , 2005, IEEE Transactions on Software Engineering.

[31]  Porfirio Tramontana,et al.  Using GUI ripping for automated testing of Android applications , 2012, 2012 Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering.

[32]  Samuel P. Midkiff,et al.  What is keeping my phone awake?: characterizing and detecting no-sleep energy bugs in smartphone apps , 2012, MobiSys '12.

[33]  Andreas Zeller,et al.  Search-based system testing: high coverage, no false alarms , 2012, ISSTA 2012.

[34]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[35]  Atanas Rountev,et al.  Static Reference Analysis for GUI Objects in Android Software , 2014, CGO '14.

[36]  David Grove,et al.  A framework for call graph construction algorithms , 2001, TOPL.

[37]  Mika Katara,et al.  Experiences of System-Level Model-Based GUI Testing of an Android Application , 2011, 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation.