DOI: 10.1145/3510454.3516837
research-article
Open access

Proactive libraries: enforcing correct behaviors in Android apps

Published: 19 October 2022

Abstract

The Android framework provides a rich set of APIs that can be exploited by developers to build their apps. However, the rapid evolution of these APIs jointly with the specific characteristics of the lifecycle of the Android components challenge developers, who may release apps that use APIs incorrectly.
In this demo, we present Proactive Libraries, a tool that can be used to decorate regular libraries with the capability of proactively detecting and healing API misuses at runtime. Proactive Libraries blend libraries with multiple proactive modules that collect data, check the compliance of API usages with correctness policies, and heal executions as soon as the possible violation of a policy is detected. The results of our evaluation with 27 possible API misuses show the effectiveness of Proactive Libraries in correcting API misuses with negligible runtime overhead.
Video: https://youtu.be/rkfZ38mPgV0
Repo: https://gitlab.com/learnERC/proactivelibrary

Published In

ICSE '22: Proceedings of the ACM/IEEE 44th International Conference on Software Engineering: Companion Proceedings
May 2022
394 pages
ISBN:9781450392235
DOI:10.1145/3510454

Sponsors

In-Cooperation

  • IEEE CS

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. API misuse
  2. Android
  3. proactive library
  4. runtime enforcement
  5. self-healing

Qualifiers

  • Research-article

Conference

ICSE '22
Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 134
  • Downloads (Last 12 months): 67
  • Downloads (Last 6 weeks): 6

Reflects downloads up to 28 Dec 2024
