DOI: 10.1145/3510454.3516864
research-article
Open access

ICCBot: fragment-aware and context-sensitive ICC resolution for Android applications

Published: 19 October 2022

Abstract

For GUI programs such as Android apps, program functionality is encapsulated in a set of basic components, each of which represents an independent function module. When interacting with an app, users are actually operating a set of components. The transitions among components, which are supported by the Android Inter-Component Communication (ICC) mechanism, reflect the skeleton of an app. Effectively resolving the source and destination of an ICC message requires both correct entry-point identification and precise tracking of the data values of ICC fields. However, with the wide use of Android fragment components, entry-point analysis usually terminates at an inner fragment rather than at its host component. In addition, simply tracked ICC field values may become inaccurate when data is transferred among multiple methods. In this paper, we design a practical ICC resolution tool, ICCBot, which resolves the component transitions that are connected by fragments to help entry-point identification. It also performs context-sensitive inter-procedural analysis to precisely obtain the ICC-carried data values. Compared with state-of-the-art tools, ICCBot achieves both a higher success rate and higher accuracy. ICCBot is open-sourced at https://github.com/hanada31/ICCBot. A video demonstration is available at https://www.youtube.com/watch?v=7zcoMBtGiLY.


Published In

ICSE '22: Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings
May 2022
394 pages
ISBN: 9781450392235
DOI: 10.1145/3510454

Sponsors

In-Cooperation

  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Android app
  2. ICC resolution
  3. component transition graph
  4. fragment
  5. inter-component communication

Qualifiers

  • Research-article

Conference

ICSE '22

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Article Metrics

  • Downloads (Last 12 months): 146
  • Downloads (Last 6 weeks): 16

Reflects downloads up to 22 Nov 2024

Cited By

  • (2024) A comprehensive framework for inter-app ICC security analysis of Android apps. Automated Software Engineering 31:2. DOI: 10.1007/s10515-024-00439-8. Online publication date: 4-Jun-2024
  • (2023) AndrAS: Automated Attack Surface Extraction for Android Applications. 2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS), 406-417. DOI: 10.1109/QRS60937.2023.00047. Online publication date: 22-Oct-2023
  • (2023) Effectively Finding ICC-related Bugs in Android Apps via Reinforcement Learning. 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE), 403-414. DOI: 10.1109/ISSRE59848.2023.00032. Online publication date: 9-Oct-2023
  • (2023) A Web-Based Tool for Using Storyboard of Android Apps. Proceedings of the 45th International Conference on Software Engineering: Companion Proceedings, 117-121. DOI: 10.1109/ICSE-Companion58688.2023.00037. Online publication date: 14-May-2023
  • (2023) Scene-Driven Exploration and GUI Modeling for Android Apps. Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering, 1251-1262. DOI: 10.1109/ASE56229.2023.00179. Online publication date: 11-Nov-2023
  • (2023) ICTDroid: Parameter-Aware Combinatorial Testing for Components of Android Apps. 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2070-2073. DOI: 10.1109/ASE56229.2023.00071. Online publication date: 11-Sep-2023
  • (2023) Variable-strength combinatorial testing of exported activities based on misexposure prediction. Journal of Systems and Software 204:C. DOI: 10.1016/j.jss.2023.111773. Online publication date: 1-Oct-2023
  • (2022) A Comprehensive Evaluation of Android ICC Resolution Techniques. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, 1-13. DOI: 10.1145/3551349.3560420. Online publication date: 10-Oct-2022
