DOI: 10.1145/3510003.3510037

ProMal: precise window transition graphs for android via synergy of program analysis and machine learning

Published: 05 July 2022

    Abstract

    Mobile apps have been an integral part of our daily life. As these apps become more complex, it is critical to provide automated analysis techniques to ensure the correctness, security, and performance of these apps. A key component for these automated analysis techniques is to create a graphical user interface (GUI) model of an app, i.e., a window transition graph (WTG), that models windows and transitions among the windows. While existing work has provided both static and dynamic analysis to build the WTG for an app, the constructed WTG misses many transitions or contains many infeasible transitions due to the coverage issues of dynamic analysis and the over-approximation of static analysis. We propose ProMal, a "tribrid" analysis that synergistically combines static analysis, dynamic analysis, and machine learning to construct a precise WTG. Specifically, ProMal first applies static analysis to build a static WTG, and then applies dynamic analysis to verify the transitions in the static WTG. For the unverified transitions, ProMal further provides machine learning techniques that leverage runtime information (i.e., screenshots, UI layouts, and text information) to predict whether they are feasible transitions. Our evaluations on 40 real-world apps demonstrate the superiority of ProMal in building WTGs over static analysis, dynamic analysis, and machine learning techniques when they are applied separately.

    Cited By

    • (2024) Mobile Bug Report Reproduction via Global Search on the App UI Model. Proceedings of the ACM on Software Engineering, 1:FSE (2656-2676). DOI: 10.1145/3660824. Online publication date: 12-Jul-2024
    • (2023) DeUEDroid: Detecting Underground Economy Apps Based on UTG Similarity. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (223-235). DOI: 10.1145/3597926.3598051. Online publication date: 12-Jul-2023
    • (2023) Ex Pede Herculem: Augmenting Activity Transition Graph for Apps via Graph Convolution Network. Proceedings of the 45th International Conference on Software Engineering (1983-1995). DOI: 10.1109/ICSE48619.2023.00168. Online publication date: 14-May-2023

    Published In

    ICSE '22: Proceedings of the 44th International Conference on Software Engineering
    May 2022
    2508 pages
    ISBN: 9781450392211
    DOI: 10.1145/3510003
    In-Cooperation

    • IEEE CS

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. deep learning
    2. mobile apps
    3. static analysis
    4. window transition graph

    Qualifiers

    • Research-article

    Conference

    ICSE '22
    Acceptance Rates

    Overall Acceptance Rate 276 of 1,856 submissions, 15%

    Article Metrics

    • Downloads (Last 12 months): 140
    • Downloads (Last 6 weeks): 9
