Write a Blog >>
ICSE 2022
Sun 8 - Fri 27 May 2022
Mon 9 May 2022 21:00 - 21:05 at ICSE room 1-odd hours - Apps and App Store Analysis 1 Chair(s): John Grundy
Thu 12 May 2022 13:10 - 13:15 at ICSE room 3-odd hours - Apps and App Store Analysis 2 Chair(s): Julian Dolby
Wed 25 May 2022 13:55 - 14:00 at Room 301+302 - Papers 9: Requirements, Design and App Analysis Chair(s): Rick Kazman

Native code is now commonplace within Android app packages where it co-exists and interacts with Dex bytecode through the Java Native Interface to deliver rich app functionalities. Yet, state-of-the-art static analysis approaches have mostly overlooked the presence of such native code, which, however, may implement some key sensitive, or even malicious, parts of the app behavior. This limitation of the state of the art is a severe threat to validity in a large range of static analyses that do not have a complete view of the executable code in apps. To address this issue, we propose a new advance in the ambitious research direction of building a unified model of all code in Android apps. The JuCify approach presented in this paper is a significant step towards such a model, where we extract and merge call graphs of native code and bytecode to make the final model readily-usable by a common Android analysis framework: in our implementation, JuCify builds on the Soot internal intermediate representation. We performed empirical investigations to highlight how, without the unified model, a significant amount of Java methods called from the native code are ``unreachable'' in apps’ call-graphs, both in goodware and malware. Using JuCify, we were able to enable static analyzers to reveal cases where malware relied on native code to hide invocation of payment library code or of other sensitive code in the Android framework. Additionally, JuCify’s model enables state-of-the-art tools to achieve better precision and recall in detecting data leaks through native code. Finally, we show that by using JuCify we can find sensitive data leaks that pass through native code.

Mon 9 May

Displayed time zone: Eastern Time (US & Canada) change

21:00 - 22:00
Apps and App Store Analysis 1Technical Track at ICSE room 1-odd hours
Chair(s): John Grundy Monash University
21:00
5m
Talk
JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
Technical Track
Jordan Samhi University of Luxembourg, Jun Gao University of Luxembourg, Luxembourg, Nadia Daoudi SnT, University of Luxembourg, Pierre Graux University of Luxembourg, Henri Hoyez , Xiaoyu Sun Monash University, Kevin Allix University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg
DOI Pre-print Media Attached
21:05
5m
Talk
Where is Your App Frustrating Users?
Technical Track
Yawen Wang Institute of Software, Chinese Academy of Sciences, Junjie Wang Institute of Software at Chinese Academy of Sciences, Hongyu Zhang University of Newcastle, Xuran Ming Institute of Software, Chinese Academy of Sciences, Lin Shi ISCAS, Qing Wang Institute of Software at Chinese Academy of Sciences
DOI Pre-print Media Attached
21:10
5m
Talk
Towards Automatically Repairing Compatibility Issues in Published Android Apps
Technical Track
Yanjie Zhao Monash University, Li Li Monash University, Kui Liu Nanjing University of Aeronautics and Astronautics, China, John Grundy Monash University
Pre-print Media Attached
21:15
5m
Talk
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Technical Track
Jordan Samhi University of Luxembourg, Li Li Monash University, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg
DOI Pre-print Media Attached

Thu 12 May

Displayed time zone: Eastern Time (US & Canada) change

13:00 - 14:00
Apps and App Store Analysis 2Technical Track at ICSE room 3-odd hours
Chair(s): Julian Dolby IBM Research, USA
13:00
5m
Talk
DescribeCtx: Context-Aware Description Synthesis for Sensitive Behaviors in Mobile Apps
Technical Track
Shao Yang Case Western Reserve University, Yuehan Wang Nanjing University, Yuan Yao Nanjing University, Haoyu Wang Huazhong University of Science and Technology, China, Yanfang Ye Case Western Reserve University, Xusheng Xiao Case Western Reserve University
DOI Pre-print Media Attached
13:05
5m
Talk
Promal: Precise Window Transition Graphs for Android via Synergy of Program Analysis and Machine Learning
Technical Track
Changlin Liu Case Western Reserve University, Hanlin Wang Case Western Reserve University, Tianming Liu Monash Univerisity, Diandian Gu Peking University, Yun Ma Peking University, Haoyu Wang Huazhong University of Science and Technology, China, Xusheng Xiao Case Western Reserve University
DOI Pre-print Media Attached
13:10
5m
Talk
JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
Technical Track
Jordan Samhi University of Luxembourg, Jun Gao University of Luxembourg, Luxembourg, Nadia Daoudi SnT, University of Luxembourg, Pierre Graux University of Luxembourg, Henri Hoyez , Xiaoyu Sun Monash University, Kevin Allix University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg
DOI Pre-print Media Attached
13:15
5m
Talk
Domain-Specific Analysis of Mobile App Reviews Using Keyword-Assisted Topic Models
Technical Track
Miroslav Tushev Amazon, Fahimeh Ebrahimi Louisiana State University, Anas "Nash" Mahmoud Louisiana State University
Pre-print Media Attached
13:20
5m
Talk
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Technical Track
Jordan Samhi University of Luxembourg, Li Li Monash University, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg
DOI Pre-print Media Attached

Wed 25 May

Displayed time zone: Eastern Time (US & Canada) change

13:30 - 15:00
Papers 9: Requirements, Design and App AnalysisSEIS - Software Engineering in Society / Technical Track / Journal-First Papers / NIER - New Ideas and Emerging Results at Room 301+302
Chair(s): Rick Kazman University of Hawai‘i at Mānoa
13:30
5m
Talk
How Templated Requirements Specifications Inhibit Creativity in Software Engineering
Journal-First Papers
Rahul Mohanani University of Jyväskylä, Paul Ralph Dalhousie University, Burak Turhan University of Oulu, Vladimir Mandić Faculty of Technical Sciences, University of Novi Sad
Link to publication DOI Pre-print Media Attached
13:35
5m
Talk
How to Debug Inclusivity Bugs? A Debugging Process with Information Architecture
SEIS - Software Engineering in Society
Mariam Guizani Oregon State University, Igor Steinmacher Northern Arizona University, Jillian Emard Oregon State University, Abrar Fallatah Oregon State University, Margaret Burnett Oregon State University, Anita Sarma Oregon State University
Pre-print Media Attached
13:40
5m
Talk
Towards a Reference Software Architecture for Human-AI Teaming in Smart Manufacturing
NIER - New Ideas and Emerging Results
Philipp Haindl Software Competence Center Hagenberg, Georg Buchgeher Software Competence Center Hagenberg, Maqbool Khan Software Competence Center Hagenberg, Bernhard Moser Software Competence Center Hagenberg
Pre-print Media Attached
13:45
5m
Talk
The Art and Practice of Data Science Pipelines: A Comprehensive Study of Data Science Pipelines In Theory, In-The-Small, and In-The-Large
Technical Track
Sumon Biswas Carnegie Mellon University, Mohammad Wardat Dept. of Computer Science, Iowa State University, Hridesh Rajan Iowa State University
Pre-print Media Attached
13:50
5m
Talk
DescribeCtx: Context-Aware Description Synthesis for Sensitive Behaviors in Mobile Apps
Technical Track
Shao Yang Case Western Reserve University, Yuehan Wang Nanjing University, Yuan Yao Nanjing University, Haoyu Wang Huazhong University of Science and Technology, China, Yanfang Ye Case Western Reserve University, Xusheng Xiao Case Western Reserve University
DOI Pre-print Media Attached
13:55
5m
Talk
JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis
Technical Track
Jordan Samhi University of Luxembourg, Jun Gao University of Luxembourg, Luxembourg, Nadia Daoudi SnT, University of Luxembourg, Pierre Graux University of Luxembourg, Henri Hoyez , Xiaoyu Sun Monash University, Kevin Allix University of Luxembourg, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg
DOI Pre-print Media Attached
14:00
5m
Talk
Difuzer: Uncovering Suspicious Hidden Sensitive Operations in Android Apps
Technical Track
Jordan Samhi University of Luxembourg, Li Li Monash University, Tegawendé F. Bissyandé SnT, University of Luxembourg, Jacques Klein University of Luxembourg
DOI Pre-print Media Attached
14:05
5m
Talk
FeatCompare: Feature Comparison for Competing Mobile Apps Leveraging User Reviews
Journal-First Papers
Maram Assi Queen's University, Safwat Hassan Thompson Rivers University, Yuan Tian Queens University, Kingston, Canada, Ying Zou Queen's University, Kingston, Ontario
Link to publication Pre-print Media Attached

Information for Participants
Mon 9 May 2022 21:00 - 22:00 at ICSE room 1-odd hours - Apps and App Store Analysis 1 Chair(s): John Grundy
Info for room ICSE room 1-odd hours:

Click here to go to the room on Midspace

Thu 12 May 2022 13:00 - 14:00 at ICSE room 3-odd hours - Apps and App Store Analysis 2 Chair(s): Julian Dolby
Info for room ICSE room 3-odd hours:

Click here to go to the room on Midspace