ReuNify: A Step Towards Whole Program Analysis for React Native Android App
React Native is a widely-used open-source framework that facilitates the development of cross-platform mobile apps. The framework enables JavaScript code to interact with native-side code, such as Objective-C/Swift for iOS and Java/Kotlin for Android, via a communication mechanism provided by React Native. However, previous research and tools have overlooked this mechanism, resulting in incomplete analysis of React Native app code. To address this limitation, we have developed REUNIFY, a prototype tool that integrates the JavaScript and native-side code of React Native apps into an intermediate language that can be processed by the Soot static analysis framework. By doing so, REUNIFY enables the generation of a comprehensive model of the app’s behavior. Our evaluation indicates that, by leveraging REUNIFY, the Soot-based framework can improve its coverage of static analysis for the 1,007 most popular React Native Android apps, augmenting the number of lines of Jimple code by 70%. Additionally, we observed an average increase of 84% in new nodes reached in the callgraph for these apps, after integrating REUNIFY. When REUNIFY is used for taint flow analysis, an average of two additional privacy leaks were identified. Overall, our results demonstrate that REUNIFY significantly enhances the Soot-based framework’s capability to analyze React Native Android apps.
Thu 14 Sep (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
13:30 - 15:00 | Mobile Development 2 | Research Papers / Industry Showcase (Papers) / Journal-first Papers / Tool Demonstrations, at Room D | Chair(s): Jordan Samhi (CISPA Helmholtz Center for Information Security)
13:30 | 12m | Talk | Enhancing Mobile App Bug Reporting via Real-Time Understanding of Reproduction Steps | Journal-first Papers | Mattia Fazzini (University of Minnesota), Kevin Moran (George Mason University), Carlos Bernal-Cárdenas (Microsoft), Tyler Wendland (University of Minnesota), Alessandro Orso (Georgia Institute of Technology), Denys Poshyvanyk (William & Mary)
13:42 | 12m | Talk | AutoDebloater: Automated Android App Debloating | Tool Demonstrations | Jiakun Liu (Singapore Management University), Xing Hu (Zhejiang University), Ferdian Thung (Singapore Management University), Shahar Maoz (Tel Aviv University), Eran Toch (Tel Aviv University), Debin Gao (Singapore Management University), David Lo (Singapore Management University)
13:54 | 12m | Talk | ReuNify: A Step Towards Whole Program Analysis for React Native Android App | Research Papers | Yonghui Liu (Monash University), Xiao Chen (Monash University), Pei Liu (Data61 at CSIRO, Australia), John Grundy (Monash University), Chunyang Chen (Monash University), Li Li (Beihang University)
14:06 | 12m | Talk | WeMinT: Tainting Sensitive Data Leaks in WeChat Mini-Programs | Research Papers | Shi Meng (Beijing University of Posts and Telecommunications), Liu Wang (Beijing University of Posts and Telecommunications), Shenao Wang (Xidian University), Kailong Wang (Huazhong University of Science and Technology), Xusheng Xiao (Arizona State University), Guangdong Bai (University of Queensland), Haoyu Wang (Huazhong University of Science and Technology)
14:18 | 12m | Talk | Vision-based Widget Mapping for Test Migration across Mobile Platforms: Are We There Yet? | Research Papers | Ruihua Ji (Nanjing University), Tingwei Zhu (Nanjing University), Xiaoqing Zhu (Nanjing University), Chunyang Chen (Monash University), Minxue Pan (Nanjing University), Tian Zhang (Nanjing University)
14:30 | 12m | Talk | Government Mobile Apps: Analysing Citizen Feedback via App Reviews | Industry Showcase (Papers) | Tooba Aamir (Data61 at CSIRO, Australia), Mohan Baruwal Chhetri (CSIRO’s Data61), M.A.P. Chamikara (Data61 CSIRO Australia), Marthie Grobler (CSIRO's Data61)