DOI: 10.1109/ICPC.2017.3

NetDroid: summarizing network behavior of Android apps for network code maintenance

Published: 20 May 2017

Abstract

Network access is one of the most common features of Android applications. Statistics show that almost 80% of Android apps ask for the network permission and thus may have some network-related features. Android apps may access multiple servers to retrieve or post various types of data, and the code that handles such network features often needs to change as a result of server API evolution or changes in the content of the data transferred. Since network code is used by multiple features, maintaining network-related code is often difficult: the code may be scattered across different places in the code base, and it may not be easy to predict the impact of a code change on the network behavior of an Android app. In this paper, we present an approach to statically summarize network behavior from the bytecode of Android apps. Our approach is based on string taint analysis and generates a summary of network requests by statically estimating the possible values of network API arguments. To evaluate our technique, we applied it to the top 500 Android apps from the official Google Play market; the result shows that our approach is able to summarize network behavior for most apps efficiently (on average less than 50 seconds per app). Furthermore, we performed an empirical evaluation on 8 real-world maintenance tasks extracted from bug reports of open-source Android projects on GitHub. The empirical evaluation shows that our technique is effective in locating relevant network code.
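As an added illustration of the idea the abstract describes (statically estimating the finite set of values a network API argument may take, so that each call site can be summarized), the toy analysis below runs a forward string-value pass over a constructed three-address program. It is not NetDroid's code; the IR, the `openConnection` call name and the sample program are assumptions made for this example.

```python
from itertools import product

UNKNOWN = "<?>"  # placeholder for a fragment that cannot be resolved statically

# Constructed app-like program in a tiny three-address form (not real Dalvik
# bytecode): const loads a literal, phi merges the values reaching a join
# point, input marks a runtime-only value, concat joins two strings, and
# call passes a variable to a (hypothetical) network API.
CONSTRUCTED_PROGRAM = [
    ("const", "base", "https://api.example.com/"),
    ("const", "p1", "users"),
    ("const", "p2", "posts"),
    ("phi", "path", ["p1", "p2"]),      # an if/else chose one of two endpoints
    ("concat", "url", "base", "path"),
    ("input", "uid"),                    # user id typed at runtime
    ("concat", "q", "url", "uid"),
    ("call", "openConnection", "url"),
    ("call", "openConnection", "q"),
]

def estimate_strings(program):
    """Forward pass computing, per variable, the set of strings it may hold;
    every network call is recorded with the estimated set of its argument."""
    env = {}        # variable -> set of possible string values
    summary = []    # (api name, sorted possible argument values) per call site
    for stmt in program:
        op = stmt[0]
        if op == "const":
            env[stmt[1]] = {stmt[2]}
        elif op == "input":
            env[stmt[1]] = {UNKNOWN}           # taint: value unknown statically
        elif op == "phi":
            env[stmt[1]] = set().union(*(env[v] for v in stmt[2]))
        elif op == "concat":
            env[stmt[1]] = {a + b for a, b in product(env[stmt[2]], env[stmt[3]])}
        elif op == "call":
            summary.append((stmt[1], sorted(env[stmt[2]])))
        else:
            raise ValueError(f"unknown op {op}")
    return summary

def network_summary():
    """Network-request summary of the constructed program."""
    return estimate_strings(CONSTRUCTED_PROGRAM)

if __name__ == "__main__":
    for api, values in network_summary():
        print(api, values)
```

The second call site keeps the `<?>` marker in every candidate, which is how a maintainer can tell at a glance which requests carry runtime-dependent data and which are fully determined by constants in the code.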

Cited By

  • CONAN: Statically Detecting Connectivity Issues in Android Applications. Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (2023), pages 2182-2186, DOI 10.1145/3611643.3613097. Online publication date: 30 Nov 2023.
  • Protecting remote controlling apps of smart-home-oriented IoT devices. Proceedings of the 40th International Conference on Software Engineering: Companion Proceedings (2018), pages 212-213, DOI 10.1145/3183440.3195101. Online publication date: 27 May 2018.


Published In

cover image ACM Conferences
ICPC '17: Proceedings of the 25th International Conference on Program Comprehension
May 2017
399 pages
ISBN:9781538605356

Publisher

IEEE Press

Qualifiers

  • Research-article

Conference

ICSE '17