no description available

Jacques Klein

University of Luxembourg

Sam Malek

University of California at Irvine, USA

United States

Guozhu Meng

Institute of Information Engineering, Chinese Academy of Sciences

China

Xiao Chen

Monash University

Australia

Ting Su

East China Normal University

China

Mobile apps, an essential technology in today’s world, should provide equal access to all, including 15% of the world population with disabilities. Assistive Technologies (AT), with the help of Accessibility APIs, provide alternative ways of interaction with apps for disabled users who cannot see or touch the screen. Prior studies have shown that mobile apps are prone to the \textit{under-access} problem, i.e., a condition in which functionalities in an app are not accessible to disabled users, even with the use of ATs. We study the dual of this problem, called the \textit{over-access} problem, and defined as a condition in which an AT can be used to gain access to functionalities in an app that are inaccessible otherwise. Over-access has severe security and privacy implications, allowing one to bypass protected functionalities using ATs, e.g., using VoiceOver to read notes on a locked phone. Over-access also degrades the accessibility of apps by presenting to disabled users information that is actually not intended to be available on a screen, thereby confusing and hindering their ability to effectively navigate. In this work, we first empirically study overly accessible elements in Android apps and define a set of conditions that can result in over-access problem. We then present OverSight, an automated framework that leverages these conditions to detect overly accessible elements and verifies their accessibility dynamically using an AT. Our empirical evaluation of OverSight on real-world apps demonstrates OverSight’s effectiveness in detecting previously unknown security threats, workflow violations, and accessibility issues.

Forough Mehralian

University of California at Irvine

United States

Navid Salehnamadi

University of California at Irvine

United States

Syed Fatiul Huq

University of California, Irvine

Sam Malek

University of California at Irvine, USA

United States

Accessibility is a critical software quality affecting more than 15% of the world’s population with some form of disabilities. Modern mobile platforms, i.e., iOS and Android, provide guidelines and testing tools for developers to assess the accessibility of their apps. The main focus of the testing tools is on examining a particular screen’s compliance with some predefined rules derived from accessibility guidelines. Unfortunately, these tools cannot detect accessibility issues that manifest themselves in interactions with apps using assistive services, e.g., screen readers. A few recent studies have proposed assistive-service driven testing; however, they require manually constructed inputs from developers to evaluate a specific screen or presume availability of UI test cases. In this work, we propose an automated accessibility crawler for mobile apps, Groundhog, that explores an app with the purpose of finding accessibility issues without any manual effort from developers. \textit{Groundhog} assesses the functionality of UI elements in an app with and without assistive services and pinpoints accessibility issues with an intuitive video of how to replicate them. Our experiments show \textit{Groundhog} is highly effective in detecting accessibility barriers that existing techniques cannot discover. Powered by \textit{Groundhog}, we conducted an empirical study on a large set of real-world apps and found new classes of critical accessibility issues that should be the focus of future work in this area.

Navid Salehnamadi

University of California at Irvine

United States

Forough Mehralian

University of California at Irvine

United States

Sam Malek

University of California at Irvine, USA

United States

no description available

Jacques Klein

University of Luxembourg

Sam Malek

University of California at Irvine, USA

United States

Guozhu Meng

Institute of Information Engineering, Chinese Academy of Sciences

China

Xiao Chen

Monash University

Australia

Ting Su

East China Normal University

China