DOI: 10.1145/3650212.3685302
short-paper
Open access

DMMPP: Constructing Dummy Main Methods for Android Apps with Path-Sensitive Predicates

Published: 11 September 2024

Abstract

Android is based on an event-driven model, which hides the main method and is driven by the lifecycle methods and listeners from user interaction. FlowDroid constructs a dummy main method that statically emulates the lifecycle methods. The dummy main method has been widely used by FlowDroid and other Android analyzers as their entry point. However, the existing dummy main method is not designed for path-sensitive analysis, and its paths may be unsatisfiable. Thus, when using the original dummy main methods, path-sensitive analyses such as symbolic execution may suffer from infeasible paths. In this paper, we present DMMPP, the first dummy main method generator for Android applications with path-sensitive predicates whose corresponding path conditions are satisfiable. DMMPP constructs dummy main methods for the four types of components in an application, with a more realistic simulation of the lifecycle methods. The experiment demonstrates the benefits of our tool for path-sensitive analyzers: 28.5 times more explored paths with a low time overhead.


Published In

ISSTA 2024: Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis
September 2024
1928 pages
ISBN: 9798400706127
DOI: 10.1145/3650212
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Android
2. Dummy Main
3. Entry Point
4. Path-sensitive
5. Predicate


Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%
