Towards black box testing of android apps

Proceedings - 10th International Conference on Availability, Reliability and Security, ARES 2015

Volumn , Issue , 2015, Pages 501-510

  Zhauniarovich, Yury ^a   Philippov, Anton ^a   Gadyatskaya, Olga ^b   Crispo, Bruno ^a   Massacci, Fabio ^a  

^a UNIVERSITY OF TRENTO   (Italy)

^b UNIVERSITY OF LUXEMBOURG   (Luxembourg)

Author keywords

[No Author keywords available]

Indexed keywords

ANDROID (OPERATING SYSTEM); CODES (SYMBOLS); COMPUTER PROGRAMMING LANGUAGES; MOBILE COMPUTING; MOBILE SECURITY; MOBILE TELECOMMUNICATION SYSTEMS; SOFTWARE TESTING;

AUTOMATED TEST GENERATIONS; COARSE-GRAINED; DESIGN AND IMPLEMENTATIONS; ITS EFFICIENCIES; MOBILE APPLICATION TESTING; MOBILE APPLICATIONS; SECURITY-CRITICAL CODES; UNIFORM COVERAGE;

BLACK-BOX TESTING;

EID: 84961639115     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2015.70     Document Type: Conference Paper

References (50)

1. A. Machiry, R. Tahiliani, and M. Naik, "Dynodroid: An input Generation System for Android Apps, " in Proceedings of ESEC/FSE'2013.
2. R. Mahmood, N. Mirzaei, and S. Malek, "EvoDroid: Segmented Evolutionary Testing of Android Apps, " in Proceedings of FSE'2014, 2014.
3. EMMA: A free Java code coverage tool. http://emma. sourceforge. net/.
4. Google Play Launch Checklist. http://developer. android. com/distribute/tools/launch-checklist. html.
5. App Store Publishing Guidelines. https: //developer. apple. com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/SubmittingYourApp/SubmittingYourApp. html.
6. J. Voas, S. Quirolgico, C. Michael, and K. Scarfone, "Technical Considerations for Vetting 3rd Party Mobile Applications (Draft), " NIST, NIST Special Publication 800-163 (Draft), 2014.
7. Robotium. https: //code. google. com/p/robotium/.
8. Espresso at android-test-kit. https: //code. google. com/p/android-test-kit/wiki/Espresso.
9. UI/Application Exerciser Monkey. http://developer. android. com/tools/help/monkey. html.
10. S. Hao, B. Liu, S. Nath, W. Halfond, and R. Govindan, "PUMA: Programmable UI-Automation for Large Scale Dynamic Analysis of Mobile Apps, " in Proceedings of Mobisys'2014, 2014.
11. R. Bhoraskar, S. Han, J. Jeon, T. Azim, S. Chen, J. Jung, S. Nath, R. Wang, and D. Wetherall, "Brahmastra: Driving Apps to Test the Security of Third-Party Components, " in Proceedings of Usenix Security' 2014, 2014.
12. T. Azim and I. Neamtiu, "Targeted and Depth-first Exploration for Systematic Testing of Android Apps, " in Proceedings of OOPSLA'2013, 2013, pp. 641-660.
13. L. Inozemtseva and R. Holmes, "Coverage is not Strongly Correlated with Test Suite Effectiveness, " in Proceedings of ICSE'2014, 2014, pp. 435-444.
14. A. Gianazza, F. Maggi, A. Fattori, L. Cavallaro, and S. Zanero, "PuppetDroid: A User-Centric UI Exerciser for Automatic Dynamic Analysis of Similar Android Applications, " arXiv: 1402. 4826, 2014.
15. Y. Zhauniarovich, M. Ahmad, O. Gadyatskaya, B. Crispo, and F. Massacci, "StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications, " in Proceedings of CODASPY '15, 2015.
16. A. Reina, A. Fattori, and L. Cavallaro, "A System Call-Centric Analysis and Stimulation Technique to Automatically Reconstruct Android Malware Behaviors, " in Proceedings of EuroSys'2013, 2013.
17. B. Davis, B. Sanders, A. Khodaverdian, and H. Chen, "I-ARM-Droid: A Rewriting Framework for In-App Reference Monitors for Android Applications, " in IEEE Mobile Security Technologies (MoST), 2012.
18. R. Mahmood, N. Esfahani, T. Kacem, N. Mirzaei, S. Malek, and A. Stavrou, "A Whitebox Approach for Automated Security Testing of Android Applications on the Cloud, " in Proceedings of AST'2012.
19. L. Ravindranath, S. Nath, J. Padhye, and H. Balakrishnan, "Automatic and Scalable Fault Detection for Mobile Applications, " in Proceedings of MobiSys'2014, 2014.
20. G. Hu, X. Yuan, Y. Tang, and J. Yang, "Efficiently, Effectively Detecting Mobile App Bugs with AppDoctor, " in Proceedings of EuroSys'2014.
21. D. Amalfitano, N. Amatucci, A. Fasolino, U. Gentile, G. Mele, R. Nardone, V. Vittorini, and S. Marrone, "Improving Code Coverage in Android Apps Testing by Exploiting Patterns and Automated Test Case Generation, " in Proceedings of WISE'2014, 2014.
22. C. Jensen, M. Prasad, and A. Moller, "Automated Testing with Targeted Event Sequence Generation, " in Proceedings of ISSTA'2013, 2013.
23. Y. Zhauniarovich, O. Gadyatskaya, and B. Crispo, "Demo: Enabling trusted stores for Android, " in Proc. of CCS. ACM, 2013, pp. 1345-1348.
24. Y. Zhauniarovich, O. Gadyatskaya, B. Crispo, F. L. Spina, and E. Moser, "FSquaDRA: Fast detection of repackaged applications, " in Proc. of DBSec, ser. LNCS, vol. 8566. Springer, 2014, pp. 130-145.
25. Tools Help: Platform tools. https: //developer. android. com/tools/help/index. html.
26. ApkTool: A tool for reverse engineering Android apk files. https: //code. google. com/p/android-apktool/.
27. Dex2Jar: Tools to work with android. dex and java. class files. https: //code. google. com/p/dex2jar/.
28. Zipalign. https: //developer. android. com/tools/help/zipalign. html.
29. Android Debug Bridge. http://developer. android. com/tools/help/adb. html.
30. JaCoCo Java Code Coverage Library. http://www. eclemma. org/jacoco/.
31. D. Octeau, S. Jha, and P. McDaniel, "Retargeting Android Applications to Java Bytecode, " in Proceedings of FSE'2012, 2012, pp. 6: 1-6: 11.
32. Android API Reference: Instrumentation. http://developer. android. com/reference/android/app/Instrumentation. html.
33. W. Choi, G. NEcula, and K. Sen, "Guided GUI Testing of Android Apps with Minimal Restart and Approximate Learning, " in Proceedings of OOPSLA'2013, 2013.
34. Intents and Intent Filters. http://developer. android. com/guide/components/intents-filters. html.
35. A. Bartel, J. Klein, M. Monperrus, K. Allix, and Y. Le Traon, "Improving Privacy on Android Smartphones through In-vivo Bytecode Instrumentation, " arXiv preprint arXiv: 1208. 4536, 2012.
36. A. Apvrille. (2013, December) Sophisticated DEX obfuscation or Proguard configuration issue? http://bit. ly/1vosShb.
37. E. Lafortune. (2014, November) The upcoming Jack & Jill compilers in Android. https: //www. saikoa. com/blog/the upcoming jack and jill compilers in android.
38. A. Avancini and M. Ceccato, "Security Testing of the Communication among Android Applications, " in Proceedings of AST'2013, 2013.
39. S. Anand, M. Naik, M. J. Harrold, and H. Yang, "Automated Concolic Testing of Smartphone Apps, " in Proceedings of FSE'2012, 2012.
40. N. Mirzaei, S. Malek, C. Pasareanu, N. Esfahani, and R. Mahmood, "Testing Android Apps Through Symbolic Execution, " ACM SIGSOFT Software Engineering Notes, vol. 37, no. 6, 2012.
41. J. Jeon and J. S. Foster, "Troyd: Integration Testing for Android, " University of Maryland, Tech. Rep. CS-TR-5013, 2012.
42. C.-J. Liang, N. Lane, N. Brouwers, L. Zhang, B. Karlsson, H. Liu, Y. Liu, J. Tang, X. Shan, R. Chandra, and F. Zhao, "Caiipa: Automated Large-scale Mobil App Testing through Contextual Fuzzing, " in Proceedings of MobiCom'2014, 2014, pp. 519-530.
43. H. Ye, S. Cheng, L. Zhang, and F. Jiang, "DroidFuzzer: Fuzzing the Android Apps with Intent-Filter Tag, " in Proceedings of MoMM'2013.
44. W. Yang, M. Prasad, and T. Xie, "A Grey-Box Approach for Automated GUI-Model Generation of Mobile Applications, " in Proceedings of FASE'2013, 2013.
45. P. Maiya, A. Kanade, and R. Majumdar, "Race Detection for Android Applications, " in Proceedings of PLDI'2014, 2014.
46. V. Rastogi, Y. Chen, and W. Enck, "AppsPlayground: Automatic Security Analysis of Smartphone Applications, " in Proceedings of CODASPY'2013, 2013.
47. B. Liu, S. Nath, R. Govindan, and J. Liu, "DECAF: Detecting and Characterizing Ad Fraud in Mobile Apps, " in Proceedings of Usenix NSDI'2014, 2014.
48. C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou, "SmartDroid: an Automatic System for Revealing UI-based Trigger Conditions in Android Applications, " in Proceedings of SPSM'2012.
49. C. Hu and I. Neamtiu, "Automating GUI Testing for Android Applications, " in Proceedings of AST'2011, 2011.
50. A. Fuchs, A. Chaudhuri, and J. S. Foster, "SCanDroid: Automated Security Certification of Android, " University of Maryland, Tech. Rep. CS-TR-4991, 2009.