Blogs (1) >>
ASE 2019
Sun 10 - Fri 15 November 2019 San Diego, California, United States
ASE 2019 (series) / Research Papers /

DaPanda: Detecting Aggressive Push Notification in Android Apps

Tianming Liu, Haoyu Wang, Li Li, Guangdong Bai, Yao Guo, Guoai Xu
ASE 2019 Research Papers
Tue 12 Nov 2019 11:20 - 11:40 at Hillcrest - Mobile 1 Chair(s): Marouane Kessentini

Mobile push notification is widely used in mobile platforms to deliver all sorts of information to app users. Although it offers great convenience for both app developers and mobile users, this feature was recurrently reported to serve malicious and aggressive purposes, such as delivering annoying push notification advertisement. However, to the best of our knowledge, our research community has not touched the problem yet, neither providing techniques to detect/prevent them, nor characterizing this issue in the mobile app ecosystem at large-scale. This paper presents the first study to detect aggressive push notifications and further characterize them in large-scale. To this end, we first provide a taxonomy of mobile push notifications and pick out the aggressive ones using a crowdsourcing-based method. Then we propose DaPANDA, a novel hybrid approach, aiming at automatically detecting aggressive push notifications in Android apps. DaPANDA leverages a guided testing approach to systematically trigger and consume push notifications. By instrumenting the Android framework, DaPANDA further collects all the notification-relevant runtime information for flagging aggressive ones. Our experimental results show that DaPANDA is capable of detecting aggressive push notifications across the spectrum of aggressive types. By applying DaPANDA to 20,000 Android apps, it yields over 1,000 aggressive notifications that are further confirmed to be true positives and are shared with our community to promote advanced approaches for detecting aggressive mobile push notifications.

small-avatar
Tianming Liu
Beijing University of Posts and Telecommunications, China
China
small-avatar
Haoyu Wang
Beijing University of Posts and Telecommunications, China
China
Li Li
Li Li
Monash University, Australia
Australia
small-avatar
Guangdong Bai
Griffith University
small-avatar
Yao Guo
Peking University
China
small-avatar
Guoai Xu
Beijing University of Posts and Telecommunications

Tue 12 Nov

ase-2019-paper-presentations
10:40 - 12:20: Papers - Mobile 1 at Hillcrest
Chair(s): Marouane KessentiniUniversity of Michigan
ase-2019-papers10:40 - 11:00
Talk		Test Transfer Across Mobile Apps Through Semantic Mapping
Jun-Wei LinUniversity of California, Irvine, Reyhaneh JabbarvandUniversity of California, Irvine, Sam MalekUniversity of California, Irvine
ase-2019-papers11:00 - 11:20
Talk		Test Migration Between Mobile Apps with Similar Functionality
Farnaz BehrangGeorgia Tech, Alessandro OrsoGeorgia Tech
ase-2019-papers11:20 - 11:40
Talk		DaPanda: Detecting Aggressive Push Notification in Android Apps
Tianming LiuBeijing University of Posts and Telecommunications, China, Haoyu WangBeijing University of Posts and Telecommunications, China, Li LiMonash University, Australia, Guangdong BaiGriffith University, Yao GuoPeking University, Guoai Xu Beijing University of Posts and Telecommunications
ase-2019-Journal-First-Presentations11:40 - 12:00
Talk		Automatic, highly accurate app permission recommendation
Zhongxin LiuZhejiang University, Xin XiaMonash University, David LoSingapore Management University, John GrundyMonash University
Link to publication
ase-2019-Demonstrations12:00 - 12:10
Demonstration		LIRAT: Layout and Image Recognition Driving Automated Mobile Testing of Cross-Platform
Shengcheng YuNanjing University, China, Chunrong FangNanjing University, Yang FengUniversity of California, Irvine, Wenyuan ZhaoNanjing University, Zhenyu ChenNanjing University
ase-2019-Demonstrations12:10 - 12:20
Demonstration		Humanoid: A Deep Learning-based Approach to Automated Black-box Android App Testing
Yuanchun LiPeking University, Ziyue YangPeking University, Yao GuoPeking University, Xiangqun ChenPeking University

Test Transfer Across Mobile Apps Through Semantic Mapping Research Papers

Session: Mobile 1 Chair(s): Marouane KessentiniUniversity of Michigan

GUI-based testing has been primarily used to examine the functionality and usability of mobile apps. Despite the numerous GUI-based test input generation techniques proposed in the literature, these techniques are still limited by (1) lack of context-aware text inputs; (2) failing to generate expressive tests; and (3) absence of test oracles. To address these limitations, we propose CraftDroid, a framework that leverages information retrieval, along with static and dynamic analysis techniques, to extract the human knowledge from an existing test suite for one app and transfer the test cases and oracles to be used for testing other apps with the similar functionalities. Evaluation of CraftDroid on real-world commercial Android apps corroborates its effectiveness by achieving 73% precision and 90% recall on average for transferring both the GUI events and oracles. In addition, 75% of the attempted transfers successfully generated valid and feature-based tests for popular features among apps in the same category.

Jun-Wei Lin
Jun-Wei Lin
University of California, Irvine
United States
Reyhaneh Jabbarvand
Reyhaneh Jabbarvand
University of California, Irvine
United States
Sam Malek
Sam Malek
University of California, Irvine
United States
All Details Close

Test Migration Between Mobile Apps with Similar Functionality Research Papers

Session: Mobile 1 Chair(s): Marouane KessentiniUniversity of Michigan

The use of mobile apps is increasingly widespread, and much effort is put into testing these apps to make sure they behave as intended. To reduce this effort, and thus the overall cost of mobile app testing, we propose AppTestMigrator, a technique for migrating test cases between apps in the same category (e.g., banking apps). The intuition behind AppTestMigrator is that many apps share similarities in their functionality, and these similarities often result in conceptually similar user interfaces (through which that functionality is accessed). AppTestMigrator leverages these commonalities between user interfaces to migrate existing tests written for an app to another similar app. Specifically, given (1) a test case for an app (source app) and (2) a second app (target app), AppTestMigrator attempts to automatically transform the sequence of events and oracles in the test for the source app to events and oracles for the target app. We implemented AppTestMigrator for Android mobile apps and evaluated it on a set of randomly selected apps from the Google Play Store in four different categories. Our initial results are promising, support our intuition that test migration is possible, and motivate further research in this direction.

Farnaz Behrang
Farnaz Behrang
Georgia Tech
Alessandro Orso
Alessandro Orso
Georgia Tech
United States
All Details Close

DaPanda: Detecting Aggressive Push Notification in Android Apps Research Papers

Session: Mobile 1 Chair(s): Marouane KessentiniUniversity of Michigan

Mobile push notification is widely used in mobile platforms to deliver all sorts of information to app users. Although it offers great convenience for both app developers and mobile users, this feature was recurrently reported to serve malicious and aggressive purposes, such as delivering annoying push notification advertisement. However, to the best of our knowledge, our research community has not touched the problem yet, neither providing techniques to detect/prevent them, nor characterizing this issue in the mobile app ecosystem at large-scale. This paper presents the first study to detect aggressive push notifications and further characterize them in large-scale. To this end, we first provide a taxonomy of mobile push notifications and pick out the aggressive ones using a crowdsourcing-based method. Then we propose DaPANDA, a novel hybrid approach, aiming at automatically detecting aggressive push notifications in Android apps. DaPANDA leverages a guided testing approach to systematically trigger and consume push notifications. By instrumenting the Android framework, DaPANDA further collects all the notification-relevant runtime information for flagging aggressive ones. Our experimental results show that DaPANDA is capable of detecting aggressive push notifications across the spectrum of aggressive types. By applying DaPANDA to 20,000 Android apps, it yields over 1,000 aggressive notifications that are further confirmed to be true positives and are shared with our community to promote advanced approaches for detecting aggressive mobile push notifications.

small-avatar
Tianming Liu
Beijing University of Posts and Telecommunications, China
China
small-avatar
Haoyu Wang
Beijing University of Posts and Telecommunications, China
China
Li Li
Li Li
Monash University, Australia
Australia
small-avatar
Guangdong Bai
Griffith University
small-avatar
Yao Guo
Peking University
China
small-avatar
Guoai Xu
Beijing University of Posts and Telecommunications
All Details Close

Automatic, highly accurate app permission recommendation Journal First Presentations

Session: Mobile 1 Chair(s): Marouane KessentiniUniversity of Michigan

To ensure security and privacy, Android employs a permission mechanism which requires developers to explicitly declare the permissions needed by their applications (apps). Users must grant those permissions before they install apps or during runtime. This mechanism protects users’ private data, but also imposes additional requirements on developers. For permission declaration, developers need knowledge about what permissions are necessary to implement various features of their apps, which is difficult to acquire due to the incompleteness of Android documentation. To address this problem, we present a novel permission recommendation system named PerRec for Android apps. PerRec leverages mining-based techniques and data fusion methods to recommend permissions for given apps according to their used APIs and API descriptions. The recommendation scores of potential permissions are calculated by a composition of two techniques which are implemented as two components of PerRec: a collaborative filtering component which measures similarities between apps based on semantic similarities between APIs; and a content-based recommendation component which automatically constructs profiles for potential permissions from existing apps. The two components are combined in PerRec for better performance. We have evaluated PerRec on 730 apps collected from Google Play and F-Droid, a repository of free and open source Android apps. Experimental results show that our approach significantly improves the state-of-the-art approaches APRec_CF_correlation , APRec_TEXT and Axplorer.

Link to Publication: https://xin-xia.github.io/publication/AUSE19.pdf

small-avatar
Zhongxin Liu
Zhejiang University
China
Xin Xia
Xin Xia
Monash University
Australia
David Lo
David Lo
Singapore Management University
Singapore
John Grundy
John Grundy
Monash University
Australia
All Details Close

LIRAT: Layout and Image Recognition Driving Automated Mobile Testing of Cross-Platform Demonstrations

Session: Poster Session: Tool Demonstrations 1, Mobile 1 Chair(s): Marouane KessentiniUniversity of Michigan

The fragmentation issue spreads over multiple mobile platforms such as Android, iOS, mobile web and even WeChat, which hinders test scripts from running across platforms. To reduce the cost of adapting scripts for various platforms, some existing tools apply conventional computer vision techniques to replay the same script on multiple platforms automatically. However, because these solutions can hardly identify dynamic or similar widgets, it becomes difficult for engineers to apply them in practice. In this paper, we present an image-driven tool, namely LIRAT, to record and replay test scripts cross platforms, solving the problem of test script cross-platform replay for the first time. LIRAT records screenshots and layouts of the widgets, and leverages image understanding techniques to locate them in the replay process. Based on accurate widget localization, LIRAT supports replaying test scripts across devices and platforms. We employed LIRAT to replay 25 scripts from 5 application across 8 Android devices and 2 iOS devices. The results show that LIRAT can replay 88% scripts on Android platforms and 60% on iOS platforms.

Shengcheng Yu
Shengcheng Yu
Nanjing University, China
China
small-avatar
Chunrong Fang
Nanjing University
Yang Feng
Yang Feng
University of California, Irvine
United States
small-avatar
Wenyuan Zhao
Nanjing University
Zhenyu Chen
Zhenyu Chen
Nanjing University
China
All Details Close

Humanoid: A Deep Learning-based Approach to Automated Black-box Android App Testing Demonstrations

Session: Poster Session: Tool Demonstrations 3, Mobile 1 Chair(s): Marouane KessentiniUniversity of Michigan

Automated input generators must constantly choose which UI element to interact with and how to interact with it, in order to achieve high coverage with a limited time budget. Currently, most black-box input generators adopt pseudo-random or brute-force searching strategies, which may take very long to find the correct combination of inputs that can drive the app into new and important states. We propose Humanoid, a deep learning-based approach to automated black-box Android app testing, which can explore the app more efficiently. The key technique behind Humanoid is a deep neural network model that can learn how human users choose actions based on an app’s GUI from human interaction traces . The learned model can be used to guide test input generation to achieve higher coverage. Experiments on both open-source apps and market apps demonstrate that Humanoid is able to reach higher coverage, and faster as well, than the state-of-the-art test input generators. Humanoid is open-sourced at https://github.com/yzygitzh/Humanoid and a demo video can be found at https://youtu.be/PDRxDrkyORs.

small-avatar
Yuanchun Li
Peking University
small-avatar
Ziyue Yang
Peking University
small-avatar
Yao Guo
Peking University
China
small-avatar
Xiangqun Chen
Peking University
All Details Close