FragDroid: Automated User Interface Interaction with Activity and Fragment Analysis in Android Applications

Recent years have witnessed the enormous growth of Android phones in the consumer market. As the most popular mobile platform, Android also attracts a great deal of attention from attackers. As a result, more and more malicious Android apps appear in the wild, posing a serious threat to users' security and privacy. To cope with such a massive volume of Android malware, automated UI testing techniques have become the mainstream solution because of their detection efficiency and accuracy. However, all existing UI testing techniques treat the Activity as the basic unit of UI interaction and cannot carry out a fine-grained analysis of Fragments. Due to the lack of Fragment-level analysis, path coverage is usually quite limited. To fill this gap, in this paper we propose FragDroid, a novel automated UI testing framework supporting both Activity and Fragment analysis. To achieve Fragment-level testing, we design the Activity & Fragment Transition Model (AFTM) to simulate the internal interactions of an app; the AFTM can then be used to generate test cases automatically through UI interactions. With the assistance of the AFTM, FragDroid can access most Activities and Fragments contained in the app and can detect arbitrary API calls. We implemented a prototype of FragDroid and evaluated it on 15 popular apps. The results show that FragDroid successfully covered 66% of the Fragments and the corresponding API calls of the tested apps. In addition, traditional approaches necessarily miss at least 9.6% of the API calls invoked in Fragments.
