Don't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App

Pilgun, Aleksandr

doi:10.1109/APSEC51365.2020.00046

Reference : Don't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a book
	Discipline(s) :	Engineering, computing & technology : Computer science
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/44480

Title :	Don't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App
Language :	English
Author, co-author :	Pilgun, Aleksandr [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Mauw >]
Publication date :	2020
Main document title :	2020 27th Asia-Pacific Software Engineering Conference (APSEC)
Author, co-author :	Pilgun, Aleksandr
Pages :	375-384
Peer reviewed :	Yes
Audience :	International
Event name :	2020 27th Asia-Pacific Software Engineering Conference (APSEC)
Event date :	01-12-2020 to 04-12-2020
Event place (city) :	Singapore
Event country :	Singapore
Keywords :	[en] Android ; Debloating ; Software Testing ; Shrinking ; Code Coverage ; Instrumentation
Abstract :	[en] The incompleteness of 3rd-party app testing is an accepted fact in Software Engineering. This issue makes it impossible to verify the app functionality and to confirm its safety to the end-user. To solve this problem, enterprises developed strict policies. A company, willing to use modern apps, may perform an expensive security analysis, rely on trust or forbid the app. These strategies may lead companies to high direct and indirect spending with no guarantee of safety. In this work, we present a novel approach, called Dynamic Binary Shrinking, that allows a user to review app functionality and leave only tested code. The shrunk app produces 100% instruction coverage on observed behaviors and in this way guarantees the absence of unexplored, and therefore, potentially malicious code. On our running examples, we demonstrate that apps use less than 20% of the codebase. We developed an approach and the ACVCut tool to shrink Android apps towards the executed code. Repository — http://github.com/pilgun/acvcut.
Name of the research project :	FNR11289380 > Aleksandr Pilgun > > Systematically Exploring Semantic App Models for Android > 15/11/2016 > 14/11/2020 > 2016
Permalink :	http://hdl.handle.net/10993/44480
DOI :	10.1109/APSEC51365.2020.00046
FnR project :	FnR ; FNR11289380 > Aleksandr Pilgun > > Systematically Exploring Semantic App Models for Android > 15/11/2016 > 14/11/2020 > 2016

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	APSEC20_preprint.pdf		Author preprint	314.97 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices