AndroLog: Android Instrumentation and Code Coverage Analysis

SAMHI, Jordan; Zeller, Andreas

doi:10.1145/3663529.3663806

Download

Paper published in a book (Scientific congresses, symposiums and conference proceedings)

AndroLog: Android Instrumentation and Code Coverage Analysis

SAMHI, Jordan; Zeller, Andreas

2024 • In d�Amorim, Marcelo (Ed.) FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

Peer reviewed

Permalink
https://hdl.handle.net/10993/62396

DOI
10.1145/3663529.3663806

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

paper.pdf

Author postprint (1.22 MB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Android Instrumentation; Code Coverage; Dynamic Analysis; Android apps; Android instrumentation; Black boxes; Code coverage; Coverage analysis; Dynamics analysis; Malicious codes; Plantings; Runtimes; Source codes; Software

Abstract :

[en] Dynamic analysis has emerged as a pivotal technique for testing Android apps, enabling the detection of bugs, malicious code, and vulnerabilities. A key metric in evaluating the efficacy of tools employed by both research and practitioner communities for this purpose is code coverage. Obtaining code coverage typically requires planting probes within apps to gather coverage data during runtime. Due to the general unavailability of source code to analysts, there is a necessity for instrumenting apps to insert these probes in black-box environments. However, the tools available for such instrumentation are limited in their reliability and require intrusive changes interfering with apps’ functionalities. This paper introduces AndroLog, a novel tool developed on top of the Soot framework, designed to provide fine-grained coverage information at multiple levels, including class, methods, statements, and Android components. In contrast to existing tools, AndroLog leaves the responsibility to test apps to analysts, and its motto is simplicity. As demonstrated in this paper, AndroLog can instrument up to 98% of recent Android apps compared to existing tools with 79% and 48% respectively for COSMO and ACVTool. AndroLog also stands out for its potential for future enhancements to increase granularity on demand. We make AndroLog available to the community and provide a video demonstration of AndroLog.

Research center :

CISPA Helmholtz Center for Information Security

Disciplines :

Computer science

Author, co-author :

SAMHI, Jordan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX ; CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

Zeller, Andreas ; CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

External co-authors :

yes

Language :

English

Title :

AndroLog: Android Instrumentation and Code Coverage Analysis

Publication date :

10 July 2024

Event name :

Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

Event place :

Porto de Galinhas, Bra

Event date :

15-07-2024 => 19-07-2024

Main work title :

FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering

Editor :

d�Amorim, Marcelo

Publisher :

Association for Computing Machinery, Inc

ISBN/EAN :

9798400706585

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

Additional URL :

https://dl.acm.org/doi/pdf/10.1145/3663529.3663806

Funders :

ACM SIGSOFT

Available on ORBilu :

since 05 November 2024

Statistics

Number of views

108 (0 by Unilu)

Number of downloads

27 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

WoS citations^™

Bibliography

A. Abraham, R. Andriatsimandefitra, A. Brunelat, J.-F. Lalande, and V. Viet Triem Tong. 2015. GroddDroid: a gorilla for triggering malicious behaviors. In 2015 10th International Conference on Malicious and Unwanted Software (MALWARE). 119–127. https://doi.org/10.1109/MALWARE.2015.7413692
Kevin Allix, Tegawendé F. Bissyandé, Jacques Klein, and Yves Le Traon. 2016. AndroZoo: Collecting Millions of Android Apps for the Research Community. In Proceedings of the 13th International Conference on Mining Software Repositories (Austin, Texas) (MSR’16). ACM, New York, NY, USA, 468–471. https://doi.org/10.1145/2901739.2903508
Nataniel P. Borges Jr., Jenny Hotzkow, and Andreas Zeller. 2018. DroidMate-2: a platform for Android test generation. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (Montpellier, France) (ASE’18). Association for Computing Machinery, New York, NY, USA, 916–919. https://doi.org/10.1145/3238147.3240479
Yuning Cui, Yi Sun, and Zhaowen Lin. 2023. DroidHook: a novel API-hook based Android malware dynamic analysis sandbox. Automated Software Engineering 30, 1 (24 Feb 2023), 10. https://doi.org/10.1007/s10515-023-00378-w
Nadia Daoudi, Jordan Samhi, Abdoul Kader Kabore, Kevin Allix, Tegawendé F. Bissyandé, and Jacques Klein. 2021. DexRay: A Simple, yet Effective Deep Learning Approach to Android Malware Detection Based on Image Representation of Bytecode. In Deployable Machine Learning for Security Defense, Gang Wang, Arridhana Ciptadi, and Ali Ahmadzadeh (Eds.). Springer International Publishing, Cham, 81–106.
Emma. 2024. Emma: a free Java code coverage tool.http://emma.sourceforge.net. Accessed January 2024.
H. Fereidooni, M. Conti, D. Yao, and A. Sperduti. 2016. ANASTASIA: ANdroid mAlware detection using STatic analySIs of Applications. In 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS). 1–5. https://doi.org/10.1109/NTMS.2016.7792435
Google. 2023. Google Play Protectionhttps://developers.google.com/android/playprotect/cloud-based-protections. Accessed November 2023.
Ben Gruver. 2024. Smali.https://github.com/JesusFreke/smali. Accessed May 2024.
Shuai Hao, Bin Liu, Suman Nath, William G.J. Halfond, and Ramesh Govindan. 2014. PUMA: Programmable UI-Automation for Large-Scale Dynamic Analysis of Mobile Apps. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services (Bretton Woods, New Hampshire, USA) (MobiSys’14). Association for Computing Machinery, New York, NY, USA, 204–217. https://doi.org/10.1145/2594368.2594390
Chun-Ying Huang, Ching-Hsiang Chiu, Chih-Hung Lin, and Han-Wei Tzeng. 2015. Code Coverage Measurement for Android Dynamic Analysis Tools. In 2015 IEEE International Conference on Mobile Services. 209–216. https://doi.org/10.1109/MobServ.2015.38
JaCoCO. 2024. JaCoCo repositoryhttps://www.eclemma.org/jacoco/. Accessed January 2024.
Hyunjae Kang, Jae wook Jang, Aziz Mohaisen, and Huy Kang Kim. 2015. Detecting and Classifying Android Malware Using Static Analysis along with Creator Information. International Journal of Distributed Sensor Networks 11, 6 (2015), 479174. https://doi.org/10.1155/2015/479174 arXiv:https://doi.org/10.1155/2015/479174
Jierui Liu, Tianyong Wu, Xi Deng, Jun Yan, and Jian Zhang. 2017. InsDal: A safe and extensible instrumentation tool on Dalvik byte-code for Android applications. In 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER). 502–506. https://doi.org/10.1109/SANER.2017.7884662
Aravind Machiry, Rohan Tahiliani, and Mayur Naik. 2013. Dynodroid: An Input Generation System for Android Apps. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering (Saint Petersburg, Russia) (ESEC/FSE 2013). Association for Computing Machinery, New York, NY, USA, 224–234. https://doi.org/10.1145/2491411.2491450
N. Peiravian and X. Zhu. 2013. Machine Learning for Android Malware Detection Using Permission and API Calls. In 2013 IEEE 25th International Conference on Tools with Artificial Intelligence. 300–305. https://doi.org/10.1109/ICTAI.2013.53
Thanasis Petsas, Giannis Voyatzis, Elias Athanasopoulos, Michalis Polychronakis, and Sotiris Ioannidis. 2014. Rage against the Virtual Machine: Hindering Dynamic Analysis of Android Malware. In Proceedings of the Seventh European Workshop on System Security (Amsterdam, The Netherlands) (EuroSec’14). Association for Computing Machinery, New York, NY, USA, Article 5, 6 pages. https://doi.org/10.1145/2592791.2592796
Aleksandr Pilgun, Olga Gadyatskaya, Yury Zhauniarovich, Stanislav Dashevskyi, Artsiom Kushniarou, and Sjouke Mauw. 2020. Fine-Grained Code Coverage Measurement in Automated Black-Box Android Testing. ACM Trans. Softw. Eng. Methodol. 29, 4, Article 23 (jul 2020), 35 pages. https://doi.org/10.1145/3395042
Andrea Romdhana, Mariano Ceccato, Gabriel Claudiu Georgiu, Alessio Merlo, and Paolo Tonella. 2021. COSMO: Code Coverage Made Easier for Android. In 2021 14th IEEE Conference on Software Testing, Verification and Validation (ICST). 417–423. https://doi.org/10.1109/ICST49551.2021.00053
J. Sahs and L. Khan. 2012. A Machine Learning Approach to Android Malware Detection. In 2012 European Intelligence and Security Informatics Conference. 141–147. https://doi.org/10.1109/EISIC.2012.34
Jordan Samhi, Jun Gao, Nadia Daoudi, Pierre Graux, Henri Hoyez, Xiaoyu Sun, Kevin Allix, Tegawendé F Bissyandé, and Jacques Klein. 2022. JuCify: A Step Towards Android Code Unification for Enhanced Static Analysis. In 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE). IEEE Computer Society, Los Alamitos, CA, USA, 1232–1244. https://doi.org/10.1145/3510003.3512766
Xiaoyu Sun, Xiao Chen, Li Li, Haipeng Cai, John Grundy, Jordan Samhi, Tegawendé F. Bissyandé, and Jacques Klein. 2022. Demystifying Hidden Sensitive Operations in Android apps. In ACM Transactions on Software Engineering and Methodology.
Mustafa M Tikir and Jeffrey K Hollingsworth. 2002. Efficient instrumentation for code coverage testing. ACM SIGSOFT Software Engineering Notes 27, 4 (2002), 86–96.
Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot - a Java Bytecode Optimization Framework. In Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research (Mississauga, Ontario, Canada) (CASCON’99). IBM Press, 13.
Raja Vallee-Rai and Laurie J Hendren. 1998. Jimple: Simplifying Java bytecode for analyses and transformations. no (1998).
Victor Van Der Veen, Herbert Bos, and Christian Rossow. 2013. Dynamic analysis of android malware. Internet & Web Technology Master thesis, VU University Amsterdam (2013).
Tanapuch Wanwarang, Nataniel P. Borges, Leon Bettscheider, and Andreas Zeller. 2020. Testing Apps With Real-World Inputs. In Proceedings of the IEEE/ACM 1st International Conference on Automation of Software Test (Seoul, Republic of Korea) (AST’20). Association for Computing Machinery, New York, NY, USA, 1–10. https://doi.org/10.1145/3387903.3389310
Wei Yang, Mukul R Prasad, and Tao Xie. 2013. A grey-box approach for automated GUI-model generation of mobile applications. In International Conference on Fundamental Approaches to Software Engineering. Springer, 250–265.
Chao-Chun Yeh and Shih-Kun Huang. 2015. CovDroid: A Black-Box Testing Coverage System for Android. In 2015 IEEE 39th Annual Computer Software and Applications Conference, Vol. 3. 447–452. https://doi.org/10.1109/COMPSAC.2015.125
Yury Zhauniarovich, Anton Philippov, Olga Gadyatskaya, Bruno Crispo, and Fabio Massacci. 2015. Towards Black Box Testing of Android Apps. In 2015 10th International Conference on Availability, Reliability and Security. 501–510. https://doi.org/10.1109/ARES.2015.70