GUI-based testing has been primarily used to examine the functionality and usability of mobile apps. Despite the numerous GUI-based test input generation techniques proposed in the literature, these techniques are still limited by (1) lack of context-aware text inputs; (2) failing to generate expressive tests; and (3) absence of test oracles. To address these limitations, we propose CraftDroid, a framework that leverages information retrieval, along with static and dynamic analysis techniques, to extract the human knowledge from an existing test suite for one app and transfer the test cases and oracles to be used for testing other apps with the similar functionalities. Evaluation of CraftDroid on real-world commercial Android apps corroborates its effectiveness by achieving 73% precision and 90% recall on average for transferring both the GUI events and oracles. In addition, 75% of the attempted transfers successfully generated valid and feature-based tests for popular features among apps in the same category.

Jun-Wei Lin

University of California, Irvine

United States

Reyhaneh Jabbarvand

University of California, Irvine

United States

Sam Malek

University of California, Irvine

United States

The use of mobile apps is increasingly widespread, and much effort is put into testing these apps to make sure they behave as intended. To reduce this effort, and thus the overall cost of mobile app testing, we propose AppTestMigrator, a technique for migrating test cases between apps in the same category (e.g., banking apps). The intuition behind AppTestMigrator is that many apps share similarities in their functionality, and these similarities often result in conceptually similar user interfaces (through which that functionality is accessed). AppTestMigrator leverages these commonalities between user interfaces to migrate existing tests written for an app to another similar app. Specifically, given (1) a test case for an app (source app) and (2) a second app (target app), AppTestMigrator attempts to automatically transform the sequence of events and oracles in the test for the source app to events and oracles for the target app. We implemented AppTestMigrator for Android mobile apps and evaluated it on a set of randomly selected apps from the Google Play Store in four different categories. Our initial results are promising, support our intuition that test migration is possible, and motivate further research in this direction.

Farnaz Behrang

Georgia Tech

Alessandro Orso

Georgia Tech

United States

Mobile push notification is widely used in mobile platforms to deliver all sorts of information to app users. Although it offers great convenience for both app developers and mobile users, this feature was recurrently reported to serve malicious and aggressive purposes, such as delivering annoying push notification advertisement. However, to the best of our knowledge, our research community has not touched the problem yet, neither providing techniques to detect/prevent them, nor characterizing this issue in the mobile app ecosystem at large-scale. This paper presents the first study to detect aggressive push notifications and further characterize them in large-scale. To this end, we first provide a taxonomy of mobile push notifications and pick out the aggressive ones using a crowdsourcing-based method. Then we propose DaPANDA, a novel hybrid approach, aiming at automatically detecting aggressive push notifications in Android apps. DaPANDA leverages a guided testing approach to systematically trigger and consume push notifications. By instrumenting the Android framework, DaPANDA further collects all the notification-relevant runtime information for flagging aggressive ones. Our experimental results show that DaPANDA is capable of detecting aggressive push notifications across the spectrum of aggressive types. By applying DaPANDA to 20,000 Android apps, it yields over 1,000 aggressive notifications that are further confirmed to be true positives and are shared with our community to promote advanced approaches for detecting aggressive mobile push notifications.

Tianming Liu

Beijing University of Posts and Telecommunications, China

China

Haoyu Wang

Beijing University of Posts and Telecommunications, China

China

Li Li

Monash University, Australia

Australia

Guangdong Bai

Griffith University

Yao Guo

Peking University

China

Guoai Xu

Beijing University of Posts and Telecommunications

To ensure security and privacy, Android employs a permission mechanism which requires developers to explicitly declare the permissions needed by their applications (apps). Users must grant those permissions before they install apps or during runtime. This mechanism protects users’ private data, but also imposes additional requirements on developers. For permission declaration, developers need knowledge about what permissions are necessary to implement various features of their apps, which is difficult to acquire due to the incompleteness of Android documentation. To address this problem, we present a novel permission recommendation system named PerRec for Android apps. PerRec leverages mining-based techniques and data fusion methods to recommend permissions for given apps according to their used APIs and API descriptions. The recommendation scores of potential permissions are calculated by a composition of two techniques which are implemented as two components of PerRec: a collaborative filtering component which measures similarities between apps based on semantic similarities between APIs; and a content-based recommendation component which automatically constructs profiles for potential permissions from existing apps. The two components are combined in PerRec for better performance. We have evaluated PerRec on 730 apps collected from Google Play and F-Droid, a repository of free and open source Android apps. Experimental results show that our approach significantly improves the state-of-the-art approaches APRec_CF_correlation , APRec_TEXT and Axplorer.

Link to Publication: https://xin-xia.github.io/publication/AUSE19.pdf

Zhongxin Liu

Zhejiang University

China

Xin Xia

Monash University

Australia

David Lo

Singapore Management University

Singapore

John Grundy

Monash University

Australia

The fragmentation issue spreads over multiple mobile platforms such as Android, iOS, mobile web and even WeChat, which hinders test scripts from running across platforms. To reduce the cost of adapting scripts for various platforms, some existing tools apply conventional computer vision techniques to replay the same script on multiple platforms automatically. However, because these solutions can hardly identify dynamic or similar widgets, it becomes difficult for engineers to apply them in practice. In this paper, we present an image-driven tool, namely LIRAT, to record and replay test scripts cross platforms, solving the problem of test script cross-platform replay for the first time. LIRAT records screenshots and layouts of the widgets, and leverages image understanding techniques to locate them in the replay process. Based on accurate widget localization, LIRAT supports replaying test scripts across devices and platforms. We employed LIRAT to replay 25 scripts from 5 application across 8 Android devices and 2 iOS devices. The results show that LIRAT can replay 88% scripts on Android platforms and 60% on iOS platforms.

Shengcheng Yu

Nanjing University, China

China

Chunrong Fang

Nanjing University

Yang Feng

University of California, Irvine

United States

Wenyuan Zhao

Nanjing University

Zhenyu Chen

Nanjing University

China

Automated input generators must constantly choose which UI element to interact with and how to interact with it, in order to achieve high coverage with a limited time budget. Currently, most black-box input generators adopt pseudo-random or brute-force searching strategies, which may take very long to find the correct combination of inputs that can drive the app into new and important states. We propose Humanoid, a deep learning-based approach to automated black-box Android app testing, which can explore the app more efficiently. The key technique behind Humanoid is a deep neural network model that can learn how human users choose actions based on an app’s GUI from human interaction traces . The learned model can be used to guide test input generation to achieve higher coverage. Experiments on both open-source apps and market apps demonstrate that Humanoid is able to reach higher coverage, and faster as well, than the state-of-the-art test input generators. Humanoid is open-sourced at https://github.com/yzygitzh/Humanoid and a demo video can be found at https://youtu.be/PDRxDrkyORs.

Yuanchun Li

Peking University

Ziyue Yang

Peking University

Yao Guo

Peking University

China

Xiangqun Chen

Peking University