NChecker: saving mobile app developers from network disruptions

Most of today's mobile apps rely on the underlying networks to deliver key functions such as web browsing, file synchronization, and social networking. Compared to desktop-based networks, mobile networks are much more dynamic, with frequent connectivity disruptions, network type switches, and quality changes, posing unique programming challenges for mobile app developers. As revealed in this paper, many mobile app developers fail to handle these intermittent network conditions in their mobile network programming. Consequently, network programming defects (NPDs) are pervasive in mobile apps, causing bad user experiences such as crashes and data loss. Although network libraries have been developed in the hope of lifting the developers' burden, we observe that many app developers fail to use these libraries properly and still introduce NPDs. In this paper, we study the characteristics of real-world NPDs in Android apps to gain a deep understanding of their impacts, root causes, and code patterns. Driven by the study, we build NChecker, a practical tool that detects NPDs by statically analyzing Android app binaries. NChecker has been applied to hundreds of real Android apps and detected 4180 NPDs from 285 randomly selected apps with a 94+% accuracy. Our further analysis of these defects reveals the common mistakes app developers make in working with the existing network libraries' abstractions, which provides insights for improving the usability of mobile network libraries.
