Write a Blog >>
Tue 11 Oct 2022 12:10 - 12:30 at Gold A - Technical Session 4 - Mobile Apps I Chair(s): Jacques Klein

Inter-component communication (ICC) is a widely used mechanism in mobile apps, which enables message-based control flow transferring and data passing between Android components. Effective ICC resolution requires precisely identifying entry points, analyzing data values of ICC fields, modeling related framework APIs, etc. Due to various control-flow- and data-flow-related characteristics involved and the lack of oracles for real-world apps, the comprehensive evaluation of ICC resolution techniques is challenging.

To fill this gap, we collect multiple-type benchmark suites with 4,104 apps, covering hand-made apps, open-source, and commercial ones. Considering their differences, various evaluation metrics, e.g., number count, graph structure, and reliable oracle based metrics, are adopted on-demand. As the oracle for real-world apps is unavailable, we design a dynamic analysis approach to extract the real ICC links triggered during GUI exploration. By auditing the code implementations, we carefully check the extracted ICCs and confirm 1,680 ones to form a reliable oracle set, in which each ICC is labeled with 25 code characteristic tags. The evaluation performed on six state-of-the-art ICC resolution tools shows that 1) the completeness of static ICC resolution results on real-world apps is not satisfactory, as up to 39%-85% ICCs are missed by tools; 2) many wrongly reported ICCs are sent from or received by only a few components and the graph structure information can help the identification; 3) the efficiency of fundamental tools, like ICC resolution ones, should be optimized in both engineering and research aspects, as users may set time limits when invoking them. By investigating both the missed and wrongly reported ICCs, we discuss the strengths of different tools for users and summarize eight common FN/FP patterns in ICC resolution for tool developers.

Tue 11 Oct

Displayed time zone: Eastern Time (US & Canada) change

10:30 - 12:30
Technical Session 4 - Mobile Apps IResearch Papers / NIER Track / Industry Showcase / Journal-first Papers / Tool Demonstrations at Gold A
Chair(s): Jacques Klein University of Luxembourg
Research paper
Mining Android API Usage to Generate Unit Test Cases for Pinpointing Compatibility Issues
Research Papers
Xiaoyu Sun Monash University, Xiao Chen Monash University, Yanjie Zhao Monash University, Pei Liu Monash University, John Grundy Monash University, Li Li Monash University
DOI Pre-print
Automated, Cost-effective, and Update-driven App TestingVirtual
Journal-first Papers
Chanh-Duc Ngo University of Luxembourg, Fabrizio Pastore University of Luxembourg, Lionel Briand University of Luxembourg; University of Ottawa
Link to publication
Industry talk
Fastbot2: Reusable Automated Model-based GUI Testing for Android Enhanced by Reinforcement LearningVirtual
Industry Showcase
Zhengwei Lv ByteDance, Chao Peng ByteDance, China, Zhao Zhang Bytedance Network Technology, Ting Su East China Normal University, Kai Liu Bytedance, Ping Yang Bytedance Network Technology
Vision and Emerging Results
Right to Know, Right to Refuse: Towards UI Perception-Based Automated Fine-Grained Permission Controls for Android AppsVirtual
NIER Track
Vikas K. Malviya Singapore Management University, Chee Wei Leow Singapore Management University, Ashok Kasthuri Singapore Management University, Yan Naing Tun Singapore Management University, Lwin Khin Shar Singapore Management University, Lingxiao Jiang Singapore Management University
Pre-print Media Attached
Research paper
MalWhiteout: Reducing Label Errors in Android Malware DetectionVirtual
Research Papers
Liu Wang Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, China, Xiapu Luo Hong Kong Polytechnic University, Yulei Sui University of Technology Sydney
AUSERA: Automated Security Vulnerability Detection for Android AppsVirtual
Tool Demonstrations
Sen Chen Tianjin University, Yuxin Zhang Tianjin University, Lingling Fan Nankai University, Jiaming Li Tianjin University, Yang Liu Nanyang Technological University
Research paper
A Comprehensive Evaluation of Android ICC Resolution TechniquesVirtual
Research Papers
Jiwei Yan Institute of Software at Chinese Academy of Sciences, China, Shixin Zhang Beijing Jiaotong University, China, Yepang Liu Southern University of Science and Technology, Xi Deng Institute of Software, Chinese Academy of Sciences, Jun Yan Institute of Software at Chinese Academy of Sciences, China, Jian Zhang Institute of Software at Chinese Academy of Sciences, China
DOI Pre-print