An automated and directed testing technique for target behavior of Android application

doi:10.7523/j.issn.2095-6134.2018.03.016

Abstract

Abstract: Directed testing of specific behaviors for Android applications is usually used to detect privacy leak, remote control, or other malicious behaviors. In order to solve the problems of the high failure-rate and large time-consuming of the present approaches, an automated testing method that uses target API invocation to represent the application's behavior is proposed. First, the method gets the invocation paths to the target API by using static analysis. Then dynamic testing is adopted to exclude extraneous components and GUI elements, and the application is driven to automatically run along the specific paths to reach the target API invocations and the specific behavior is triggered. Experimental results show that the method achieves a high efficiency.

Key words: Android, directed test, target API, static analysis, dynamic testing

CLC Number:

TP393

YE Yanling, FU Xiaotong, ZHANG Yuqing, YUE Hongzhou. An automated and directed testing technique for target behavior of Android application[J]. , 2018, 35(3): 409-416.

References

[1] 吴敬征,武延军,武志飞,等. 基于有向信息流的Android隐私泄露类恶意应用检测方法[J]. 中国科学院大学学报, 2015, 32(6):807-815.
[2] Wong M Y, Lie D. IntelliDroid:a targeted input generator for the dynamic analysis of Android malware[C]//Proceedings of the Annual Symposium on Network and Distributed System Security (NDSS), 2016:21-24.
[3] Bhoraskar R, Han S, Jeon J, et al. Brahmastra:driving apps to test the security of third-party components[C]//The Usenix Security Symposium, 2014:1021-1036.
[4] Zheng C, Zhu S, Dai S, et al. Smartdroid:an automatic system for revealing ui-based trigger conditions in android Applications[C]//Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2012:93-104.
[5] Android Developers. UI/Application exerciser monkey[EB/OL]. (2016-09-20)[2017-01-12]. https://developer.android.com/studio/test/monkey.html.
[6] Hao S, Liu B, Nath S, et al. PUMA:programmable UI-automation for large-scale dynamic analysis of mobile Apps[C]//Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 2014:204-217.
[7] Android Developers. Monkeyrunner[EB/OL]. (2016-09-20)[2017-01-12]. https://developer.android.com/studio/test/monkeyrunner/index.html.
[8] Google Code. Robotium[EB/OL]. (2017-01-11)[2017-01-12]. https://robotium.com/.
[9] Android Developers. Uiautomator[EB/OL]. (2016-05-14)[2017-01-12]. http://developer.android.com/tools/help/uiautomator/.
[10] Azim T, Neamtiu I. Targeted and depth-first exploration for systematic testing of android Apps[J]//ACM SIGPLAN Notices, 2013, 48(10):641-660.
[11] Rastogi V, Chen Y, Enck W. AppsPlayground:automatic security analysis of smartphone applications[C]//Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy. ACM, 2013:209-220.
[12] Mao K, Harman M, Jia Y. Sapienz:multi-objective automated testing for android applications[C]//Proceedings of the 25th International Symposium on Software Testing and Analysis. ACM, 2016:94-105.
[13] Memon A, Banerjee I, Nagarajan A. GUI ripping:reverse engineering of graphical user interfaces for testing[C]//Reverse Engineering, 2003. Wcre 2003. Proceedings. Working Conference on. IEEE, 2003:260-269.
[14] Dutia S N, Oh T H, Oh Y H. Developing automated input generator for android mobile device to evaluate malware behavior[C]//Proceedings of the 4th Annual ACM Conference on Research in Information Technology. ACM, 2015:43.
[15] Amalfitano D, Fasolino A R, Tramontana P. A gui crawling-based technique for android mobile application testing[C]//2011 IEEE Fourth International Conference on Software Testing, Verification and Validation Workshops (ICSTW). IEEE, 2011:252-261.
[16] 赵耀宗, 程绍银, 蒋凡. Android应用程序GUI遍历的自动化方法[J]. 计算机系统应用, 2015, 24(9):219-224.
[17] Ma X, Wang N, Xie P, et al. An automated testing platform for mobile applications[C]//2016 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). IEEE, 2016:159-162.
[18] Wen H L, Lin C H, Hsieh T H, et al. PATS:a parallel GUI testing framework for android applications[C]//Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual. IEEE, 2015, 2:210-215.
[19] Amalfitano D, Fasolino A R, Tramontana P, et al. MobiGUITAR:automated model-based testing of mobile apps[J]. IEEE Software, 2015, 32(5):53-59.
[20] Machiry A, Tahiliani R, Naik M. Dynodroid:an input generation system for android apps[C]//Proceedings of the 20139th Joint Meeting on Foundations of Software Engineering. ACM, 2013:224-234.
[21] Bartel A, Klein J,Le Traon Y, et al. Dexpler:converting android dalvik bytecode to jimple for static analysis with soot[C]//Proceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program analysis. ACM, 2012:27-38.
[22] Arzt S, Rasthofer S, Fritz C, et al. Flowdroid:precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for android apps[J]. ACM SIGPLAN Notices, 2014, 49(6):259-269.
[23] 孔德光, 郑烇, 帅建梅, 等. 基于污点分析的源代码脆弱性检测技术[J]. 小型微型计算机系统, 2009, 30(1):78-82.
[24] Reps T, Horwitz S, Sagiv M. Precise interprocedural dataflow analysis via graph reachability[C]//Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM, 1995:49-61.
[25] Android Developers. Android debug bridge[EB/OL]. (2017-01-11)[2017-01-12]. https://developer.android.com/studio/command-line/adb.html?hl=zh-cn.
[26] Android Developers. Requesting permissions.[EB/OL]. (2016-12-21)[2017-01-12]. https://developer.android.com/guide/topics/permissions/requesting.html.