Write a Blog >>
ASE 2020
Mon 21 - Fri 25 September 2020 Melbourne, Australia
ASE 2020 (series) / Research Papers /

UI Obfuscation and Its Effects on Automated UI Analysis for Android Apps

Hao Zhou, Ting Chen, Haoyu Wang, Le Yu, Xiapu Luo, Ting Wang, Wei Zhang
ASE 2020 Research Papers
Tue 22 Sep 2020 09:30 - 09:50 at Koala - Mobile App (1) Chair(s): Jacques Klein

The UI driven nature of Android apps has motivated the development of automated UI analysis for various purposes, such as app analysis, malicious app detection, and app testing. Although existing automated UI analysis methods have demonstrated their capability in dissecting apps’ UI, little is known about their effectiveness in the face of app protection techniques, which have been adopted by more and more apps. In this paper, we take a first step to systematically investigate UI obfuscation for Android apps and its effects on automated UI analysis. In particular, we point out the weaknesses in existing automated UI analysis methods and design 9 UI obfuscation approaches. We implement these approaches in a new tool named UIObfuscator after tackling several technical challenges. Moreover, we feed 3 kinds of tools that rely on automated UI analysis with the apps protected by UIObfuscator, and find that their performances severely drop. This work reveals limitations of automated UI analysis and sheds light on app protection techniques.

small-avatar
Hao Zhou
The Hong Kong Polytechnic University
China
small-avatar
Ting Chen
University of Electronic Science and Technology of China
small-avatar
Haoyu Wang
Beijing University of Posts and Telecommunications, China
China
small-avatar
Le Yu
The Hong Kong Polytechnic University
small-avatar
Xiapu Luo
The Hong Kong Polytechnic University
small-avatar
Ting Wang
Penn State University
small-avatar
Wei Zhang
Nanjing University of Posts and Telecommunications

Tue 22 Sep
Times are displayed in time zone: (UTC) Coordinated Universal Time

09:10 - 10:10: Mobile App (1)Research Papers / Tool Demonstrations at Koala
Chair(s): Jacques KleinUniversity of Luxembourg, Luxembourg
09:10 - 09:30
Talk		Demystifying Diehard Android Apps
Research Papers
Hao ZhouThe Hong Kong Polytechnic University, Haoyu WangBeijing University of Posts and Telecommunications, China, Yajin ZhouZhejiang University, Xiapu LuoThe Hong Kong Polytechnic University, Yutian TangShanghaiTech University, Lei XueThe Hong Kong Polytechnic University, Ting WangPenn State University
09:30 - 09:50
Talk		UI Obfuscation and Its Effects on Automated UI Analysis for Android Apps
Research Papers
Hao ZhouThe Hong Kong Polytechnic University, Ting ChenUniversity of Electronic Science and Technology of China, Haoyu WangBeijing University of Posts and Telecommunications, China, Le YuThe Hong Kong Polytechnic University, Xiapu LuoThe Hong Kong Polytechnic University, Ting WangPenn State University, Wei ZhangNanjing University of Posts and Telecommunications
09:50 - 10:00
Talk		FILO: FIx-LOcus Localization for Backward Incompatibilities Caused by Android Framework Upgrades
Tool Demonstrations
Marco MobilioUniversity of Milano Bicocca, Oliviero RiganelliUniversity of Milano-Bicocca, Italy, Daniela MicucciUniversity of Milano-Bicocca, Italy, Leonardo MarianiUniversity of Milano Bicocca

Demystifying Diehard Android Apps Research Papers

Session: Mobile App (1) Tue 22 Sep 2020 09:10 - 10:10 Chair(s): Jacques KleinUniversity of Luxembourg, Luxembourg

Smartphone vendors are using multiple methods to kill processes of Android apps to reduce the battery consumption. This motivates developers to find ways to extend the liveness time of their apps, hence the name diehard apps in this paper. Although there are blogs and articles illustrating methods to achieve this purpose, there is no systematic research about them. What’s more important, little is known about the prevalence of diehard apps in the wild. In this paper, we take a first step to systematically investigate diehard apps by answering the following research questions. First, why and how can they circumvent the resource-saving mechanisms of Android? Second, how prevalent are they in the wild? In particular, we conduct a semi-automated analysis to illustrate insights why existing methods to kill app processes could be evaded, and then systematically present 12 diehard methods. After that, we develop a system named DiehardDetector to detect diehard apps in a large scale. The experimental result of applying DiehardDetector to more than 80k Android apps downloaded from Google Play showed that around 21% of apps adopt various diehard methods. Moreover, our system can achieve high precision and recall.

small-avatar
Hao Zhou
The Hong Kong Polytechnic University
China
small-avatar
Haoyu Wang
Beijing University of Posts and Telecommunications, China
China
small-avatar
Yajin Zhou
Zhejiang University
small-avatar
Xiapu Luo
The Hong Kong Polytechnic University
Yutian Tang
Yutian Tang
ShanghaiTech University
China
small-avatar
Lei Xue
The Hong Kong Polytechnic University
small-avatar
Ting Wang
Penn State University
All Details Close

UI Obfuscation and Its Effects on Automated UI Analysis for Android Apps Research Papers

Session: Mobile App (1) Tue 22 Sep 2020 09:10 - 10:10 Chair(s): Jacques KleinUniversity of Luxembourg, Luxembourg

The UI driven nature of Android apps has motivated the development of automated UI analysis for various purposes, such as app analysis, malicious app detection, and app testing. Although existing automated UI analysis methods have demonstrated their capability in dissecting apps’ UI, little is known about their effectiveness in the face of app protection techniques, which have been adopted by more and more apps. In this paper, we take a first step to systematically investigate UI obfuscation for Android apps and its effects on automated UI analysis. In particular, we point out the weaknesses in existing automated UI analysis methods and design 9 UI obfuscation approaches. We implement these approaches in a new tool named UIObfuscator after tackling several technical challenges. Moreover, we feed 3 kinds of tools that rely on automated UI analysis with the apps protected by UIObfuscator, and find that their performances severely drop. This work reveals limitations of automated UI analysis and sheds light on app protection techniques.

small-avatar
Hao Zhou
The Hong Kong Polytechnic University
China
small-avatar
Ting Chen
University of Electronic Science and Technology of China
small-avatar
Haoyu Wang
Beijing University of Posts and Telecommunications, China
China
small-avatar
Le Yu
The Hong Kong Polytechnic University
small-avatar
Xiapu Luo
The Hong Kong Polytechnic University
small-avatar
Ting Wang
Penn State University
small-avatar
Wei Zhang
Nanjing University of Posts and Telecommunications
All Details Close

FILO: FIx-LOcus Localization for Backward Incompatibilities Caused by Android Framework Upgrades Tool Demonstrations

Session: Mobile App (1) Tue 22 Sep 2020 09:10 - 10:10 Chair(s): Jacques KleinUniversity of Luxembourg, Luxembourg
Session: Tool Demo Showcase (3) Thu 24 Sep 2020 10:20 - 11:20 Chair(s): Csaba NagySoftware Institute - USI, Lugano, Switzerland

Mobile operating systems evolve quickly, frequently updating the APIs that app developers use to build their apps. Unfortunately, API updates do not always guarantee backward compatibility, causing apps to not longer work properly or even crash when running with an updated system. This paper presents FILO, a tool that assists Android developers in resolving backward compatibility issues introduced by API upgrades. FILO both suggests the method that needs to be modified in the app in order to adapt the app to an upgraded API, and reports key symptoms observed in the failed execution to facilitate the fixing activity. Results obtained with the analysis of 12 actual upgrade problems and the feedback produced by early tool adopters show that FILO can practically support Android developers. FILO can be downloaded from https://gitlab.com/learnERC/filo, and its video demonstration is available at https://youtu.be/WDvkKj-wnlQ.

Marco Mobilio
Marco Mobilio
University of Milano Bicocca
Italy
Oliviero Riganelli
Oliviero Riganelli
University of Milano-Bicocca, Italy
Daniela Micucci
Daniela Micucci
University of Milano-Bicocca, Italy
Italy
Leonardo Mariani
Leonardo Mariani
University of Milano Bicocca
Italy
All Details Close