DaPanda: Detecting Aggressive Push Notification in Android Apps
Mobile push notification is widely used in mobile platforms to deliver all sorts of information to app users. Although it offers great convenience for both app developers and mobile users, this feature was recurrently reported to serve malicious and aggressive purposes, such as delivering annoying push notification advertisement. However, to the best of our knowledge, our research community has not touched the problem yet, neither providing techniques to detect/prevent them, nor characterizing this issue in the mobile app ecosystem at large-scale. This paper presents the first study to detect aggressive push notifications and further characterize them in large-scale. To this end, we first provide a taxonomy of mobile push notifications and pick out the aggressive ones using a crowdsourcing-based method. Then we propose DaPANDA, a novel hybrid approach, aiming at automatically detecting aggressive push notifications in Android apps. DaPANDA leverages a guided testing approach to systematically trigger and consume push notifications. By instrumenting the Android framework, DaPANDA further collects all the notification-relevant runtime information for flagging aggressive ones. Our experimental results show that DaPANDA is capable of detecting aggressive push notifications across the spectrum of aggressive types. By applying DaPANDA to 20,000 Android apps, it yields over 1,000 aggressive notifications that are further confirmed to be true positives and are shared with our community to promote advanced approaches for detecting aggressive mobile push notifications.
Tue 12 Nov
10:40 - 11:00 Talk | Test Transfer Across Mobile Apps Through Semantic Mapping Jun-Wei LinUniversity of California, Irvine, Reyhaneh JabbarvandUniversity of California, Irvine, Sam MalekUniversity of California, Irvine | |||||||||||||||||||||||||||||||||||||||||
11:00 - 11:20 Talk | Test Migration Between Mobile Apps with Similar Functionality | |||||||||||||||||||||||||||||||||||||||||
11:20 - 11:40 Talk | DaPanda: Detecting Aggressive Push Notification in Android Apps Tianming LiuBeijing University of Posts and Telecommunications, China, Haoyu WangBeijing University of Posts and Telecommunications, China, Li LiMonash University, Australia, Guangdong BaiGriffith University, Yao GuoPeking University, Guoai Xu Beijing University of Posts and Telecommunications | |||||||||||||||||||||||||||||||||||||||||
11:40 - 12:00 Talk | Automatic, highly accurate app permission recommendation Zhongxin LiuZhejiang University, Xin XiaMonash University, David LoSingapore Management University, John GrundyMonash University Link to publication | |||||||||||||||||||||||||||||||||||||||||
12:00 - 12:10 Demonstration | LIRAT: Layout and Image Recognition Driving Automated Mobile Testing of Cross-Platform Shengcheng YuNanjing University, China, Chunrong FangNanjing University, Yang FengUniversity of California, Irvine, Wenyuan ZhaoNanjing University, Zhenyu ChenNanjing University | |||||||||||||||||||||||||||||||||||||||||
12:10 - 12:20 Demonstration | Humanoid: A Deep Learning-based Approach to Automated Black-box Android App Testing Yuanchun LiPeking University, Ziyue YangPeking University, Yao GuoPeking University, Xiangqun ChenPeking University |