Nataniel P. Borges scite author profile

Nataniel P. Borges

5Publications

93Citation Statements Received

51Citation Statements Given

How they've been cited

136

How they cite others

127

Affiliations

Saarland University, Helmholtz Center for Information Security

Publications

Order By: Most citations

AccessiLeaks: Investigating Privacy Leaks Exposed by the Android Accessibility Service

Naseri

Borges

Zeller

et al. 2019

View full text Add to dashboard Cite

To support users with disabilities, Android provides the accessibility services, which implement means of navigating through an app. According to the Android developer’s guide: “Accessibility services should only be used to assist users with disabilities in using Android devices and apps”. However, developers are free to use this service without any restrictions, giving them critical privileges such as monitoring user input or screen content to capture sensitive information. In this paper, we show that simply enabling the accessibility service leaves 72 % of the top finance a nd 80 % of the top social media apps vulnerable to eavesdropping attacks, leaking sensitive information such as logins and passwords. A combination of several tools and recommendations could mitigate the privacy risks: We introduce an analysis technique that detects most of these issues automatically, e.g. in an app store. We also found that these issues can be automatically fixed in almost all cases; our fixes have b een accepted by 70 % of the surveyed developers. Finally, we designed a notification mechanism which would warn users against possible misuses of the accessibility services; 50 % of users would follow these notifications.

show abstract

Learning user interface element interactions

Degott

Borges

Zeller

2019

View full text Add to dashboard Cite

When generating tests for graphical user interfaces, one central problem is to identify how individual UI elements can be interacted with-clicking, long-or right-clicking, swiping, dragging, typing, or more. We present an approach based on reinforcement learning that automatically learns which interactions can be used for which elements, and uses this information to guide test generation. We model the problem as an instance of the multi-armed bandit problem (MAB problem) from probability theory, and show how its traditional solutions work on test generation, with and without relying on previous knowledge. The resulting guidance yields higher coverage. In our evaluation, our approach shows improvements in statement coverage between 18% (when not using any previous knowledge) and 20% (when reusing previously generated models). CCS CONCEPTS• Software and its engineering → Software testing and debugging; Dynamic analysis; • Human-centered computing → Graphical user interfaces; Smartphones;

show abstract

Up-To-Crash: Evaluating Third-Party Library Updatability on Android

Huang

Borges

Bugiel

et al. 2019

View full text Add to dashboard Cite

Buggy and flawed third-party libraries increase their host app's attack surface and put the users' privacy at risk. To avert this risk, libraries have to be kept updated to their newest versions by the app developers that integrate them into their projects. Recent researches revealed that the prevalence of outdated third-party libraries in Android apps is indeed a rampant problem, but also suggested that there is a great opportunity for drop-in replacements of outdated libraries, which would not even require cooperation by the app developers to update the libraries. However, all those conclusions are based on static app analysis, which can only provide an abstract view.In this work, we extend the updatability analysis to the runtime of apps. We implement a solution to update third-party libraries with drop-in replacements by their newer versions. To verify the feasibility of this developer-independent update mechanism, we dynamically test 3,000 real world apps for 3 popular libraries (78 library versions) for runtime failures stemming from incompatible library updates. To investigate the updatability of libraries in-depth, exploration enhanced dynamic testing is adopted to monitor the runtime behaviors of 15 apps before and after library updating. From our test, we find that the prior reported updatability rate is under real conditions overestimated by a factor of 1.57-2.06. Through root cause analysis, we find that the underlying problems prohibiting easy updates are intricate, such as deprecated functions, changed data structures, or entangled dependencies between different libraries and even the host app. We think our results not only put a more realistic light on the library updatability problem in Android, but also provide valuable insights for future solutions that provide automatic library updates or that try to support the app developers in better maintaining their external dependencies.

show abstract

Guiding app testing with mined interaction models

Borges

Gomez

Zeller

2018

View full text Add to dashboard Cite

Testing Apps With Real-World Inputs

Wanwarang

Borges

Bettscheider

et al. 2020

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.