ABSTRACT
We present a system Dynodroid for generating relevant inputs to unmodified Android apps. Dynodroid views an app as an event-driven program that interacts with its environment by means of a sequence of events through the Android framework. By instrumenting the framework once and for all, Dynodroid monitors the reaction of an app upon each event in a lightweight manner, using it to guide the generation of the next event to the app. Dynodroid also allows interleaving events from machines, which are better at generating a large number of simple inputs, with events from humans, who are better at providing intelligent inputs.
We evaluated Dynodroid on 50 open-source Android apps, and compared it with two prevalent approaches: users manually exercising apps, and Monkey, a popular fuzzing tool. Dynodroid, humans, and Monkey covered 55%, 60%, and 53%, respectively, of each app's Java source code on average. Monkey took 20X more events on average than Dynodroid. Dynodroid also found 9 bugs in 7 of the 50 apps, and 6 bugs in 5 of the top 1,000 free apps on Google Play.
- DroidBox: Android application sandbox. http://code.google.com/p/droidbox/.Google Scholar
- EMMA: a free Java code coverage tool. http://emma.sourceforge.net/.Google Scholar
- Free and Open Source App Repository. https://f-droid.org/.Google Scholar
- GUITAR: A model-based system for automated GUI testing. http://guitar.sourceforge.net/.Google Scholar
- Hierarchy Viewer. http://developer.android.com/ tools/help/hierarchy-viewer.html.Google Scholar
- Historical distribution of Android versions in use. http://developer.android.com/about/dashboards/ index.html.Google Scholar
- UI/Application Exerciser Monkey. http: //developer.android.com/tools/help/monkey.html.Google Scholar
- D. Amalfitano, A. Fasolino, S. Carmine, A. Memon, and P. Tramontana. Using GUI ripping for automated testing of Android applications. In Proceedings of 27th Intl. Conf. on Automated Software Engineering (ASE), 2012. Google ScholarDigital Library
- S. Anand, M. Naik, H. Yang, and M. Harrold. Automated concolic testing of smartphone apps. In Proceedings of ACM Conf. on Foundations of Software Engineering (FSE), 2012. Google ScholarDigital Library
- R. Bryce, S. Sampath, and A. Memon. Developing a single model and test prioritization strategies for event-driven software. Trans. on Soft. Engr., 37(1), 2011. Google ScholarDigital Library
- C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of 8th USENIX Symp. on Operating Systems Design and Implementation (OSDI), 2008. Google ScholarDigital Library
- W. Enck, P. Gilbert, B.-G. Chun, L. Cox, J. Jung, P. McDaniel, and A. Sheth. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphones. In Proceedings of 9th USENIX Symp. on Operating Systems Design and Implementation (OSDI), 2010. Google ScholarDigital Library
- P. Gilbert, B.-G. Chun, L. Cox, and J. Jung. Vision: automated security validation of mobile apps at app markets. In Proceedings of 2nd Intl. Workshop on Mobile Cloud Computing and Services (MCS), 2011. Google ScholarDigital Library
- P. Godefroid, N. Klarlund, and K. Sen. DART: Directed automated random testing. In Proceedings of ACM Conf. on Programming Language Design and Implementation (PLDI), 2005. Google ScholarDigital Library
- F. Gross, G. Fraser, and A. Zeller. Search-based system testing: high coverage, no false alarms. In Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA), 2012. Google ScholarDigital Library
- C. Hu and I. Neamtiu. Automating GUI testing for Android applications. In Proceedings of 6th IEEE/ACM Workshop on Automation of Software Test (AST), 2011. Google ScholarDigital Library
- J. Jeon, K. Micinski, and J. Foster. Symdroid: Symbolic execution for dalvik bytecode, 2012. http: //www.cs.umd.edu/~jfoster/papers/symdroid.pdf.Google Scholar
- J. King. Symbolic execution and program testing. CACM, 19(7):385–394, 1976. Google ScholarDigital Library
- R. Mahmood, N. Esfahani, T. Kacem, N. Mirzaei, S. Malek, and A. Stavrou. A whitebox approach for automated security testing of Android applications on the cloud. In Proceedings of 7th IEEE/ACM Workshop on Automation of Software Test (AST), 2012.Google ScholarDigital Library
- A. Memon, M. Pollack, and M. Soffa. Automated test oracles for GUIs. In Proceedings of ACM Conf. on Foundations of Software Engineering (FSE), 2000. Google ScholarDigital Library
- A. Memon and M. Soffa. Regression testing of GUIs. In Proceedings of ACM Conf. on Foundations of Software Engineering (FSE), 2003. Google ScholarDigital Library
- N. Mirzaei, S. Malek, C. Pasareanu, N. Esfahani, and R. Mahmood. Testing Android apps through symbolic execution. In Java Pathfinder Workshop (JPF), 2012.Google ScholarDigital Library
- T. Takala, M. Katara, and J. Harty. Experiences of system-level model-based GUI testing of an Android app. In Proceedings of 4th Intl. Conf. on Software Testing, Verification and Validation (ICST), 2011. Google ScholarDigital Library
- L. White and H. Almezen. Generating test cases for GUI responsibilities using complete interaction sequences. In Proceedings of 11th IEEE Intl. Symp. on Software Reliability Engineering (ISSRE), 2000. Google ScholarDigital Library
- L. Yan and H. Yin. DroidScope: Seamlessly reconstructing the OS and Dalvik semantic views for dynamic Android malware analysis. In Proceedings of 21st USENIX Security Symposium, 2012. Google ScholarDigital Library
- X. Yuan, M. Cohen, and A. Memon. GUI interaction testing: Incorporating event context. Trans. on Soft. Engr., 37(4), 2011. Google ScholarDigital Library
- X. Yuan and A. Memon. Generating event sequence-based test cases using GUI runtime state feedback. Trans. on Soft. Engr., 36(1), 2010. Google ScholarDigital Library
Index Terms
- Dynodroid: an input generation system for Android apps
Recommendations
Automated concolic testing of smartphone apps
FSE '12: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software EngineeringWe present an algorithm and a system for generating input events to exercise smartphone apps. Our approach is based on concolic testing and generates sequences of events automatically and systematically. It alleviates the path-explosion problem by ...
Inter-app communication between Android apps developed in app-inventor and Android studio
MOBILESoft '16: Proceedings of the International Conference on Mobile Software Engineering and SystemsCommunications between mobile apps are an important aspect of mobile platforms. Android is specifically designed with inter-app communication in mind and depends on this to provide different platform specific functionalities. Android Apps can either be ...
Analyzing GUI running fluency for Android apps
MSCC '16: Proceedings of the 3rd ACM Workshop on Mobile Sensing, Computing and CommunicationAndroid as a free open platform has become increasingly popular and been widespread adopted in mobile, tablet, and other devices. However, a great number of issues, such as inadequate quality and the fragmentation phenomenon, have emerged, enhancing the ...
Comments