Androlic: an extensible flow, context, object, field, and path-sensitive static analysis framework for Android

Pan, Linjie; Cui, Baoquan; Yan, Jiwei; Ma, Xutong; Yan, Jun; Zhang, Jian

doi:10.1145/3293882.3339001

Cited by 7 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have implemented the approach of misuse detection on Async-Task into a tool named AsyncChecker. It is written in Java based on Androlic [44], a flow, context, object, field-sensitive static analysis framework. As figure 2 shows, AsyncChecker generates the class hierarchy relation and dummy main method for subsequent analysis.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Static asynchronous component misuse detection for Android applications

Pan

Cui

Líu

et al. 2020

Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Softw

Self Cite

View full text Add to dashboard Cite

Facing the limited resource of smartphones, asynchronous programming significantly improves the performance of Android applications. Android provides several packaged components to ease the development of asynchronous programming. Among them, the AsyncTask component is widely used by developers since it is easy to implement. However, the abuse of AsyncTask component can decrease responsiveness and even lead to crashes. By investigating the Android Developer Documentation and technical forums, we summarize five misuse patterns about AsyncTask. To detect them, we propose a flow, context, object and field-sensitive interprocedural static analysis approach. Specifically, the static analysis includes typestate analysis, reference analysis and loop analysis. Based on the AsyncTask-related information obtained during static analysis, we check the misuse according to predefined detection rules. The proposed approach is implemented into a tool called AsyncChecker. We evaluate AsyncChecker on a self-designed benchmark suite called AsyncBench and 1,759 real-world apps.

show abstract

Section: Methodsmentioning

confidence: 99%

“…More specifically, the state of AsyncTask changes in accordance with operations, which can be processed with typestate analysis [56]. Based on Androlic [44], the analysis approach can be easily extended for similar problems.…”

Section: Android Static Analysismentioning

confidence: 99%

Static asynchronous component misuse detection for Android applications

Pan

Cui

Líu

et al. 2020

Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Softw

Self Cite

View full text Add to dashboard Cite

show abstract

“…The drawback to building the model directly into the analysis is that adding or updating behaviors [Huang et al 2018] requires modifying the analysis itself. The most common approach to model callback orders is by generating an artificial main method [Arzt and Bodden 2016;Arzt et al 2014;Gordon et al 2015;Hu and Neamtiu 2018;Pan et al 2019]. An artificial main method has the advantage that modeling can be decoupled from the program analysis by generating code that enforces a callback order to link with the application.…”

Section: Related Workmentioning

confidence: 99%

Historia: Refuting Callback Reachability with Message-History Logics

Meier,

Mover,

Kaki

et al. 2023

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

This paper considers the callback reachability problem --- determining if a callback can be called by an event-driven framework in an unexpected state. Event-driven programming frameworks are pervasive for creating user-interactive applications (apps) on just about every modern platform. Control flow between callbacks is determined by the framework and largely opaque to the programmer. This opacity of the callback control flow not only causes difficulty for the programmer but is also difficult for those developing static analysis. Previous static analysis techniques address this opacity either by assuming an arbitrary framework implementation or attempting to eagerly specify all possible callback control flow, but this is either too coarse to prove properties requiring callback-ordering constraints or too burdensome and tricky to get right. Instead, we present a middle way where the callback control flow can be gradually refined in a targeted manner to prove assertions of interest. The key insight to get this middle way is by reasoning about the history of method invocations at the boundary between app and framework code --- enabling a decoupling of the specification of callback control flow from the analysis of app code. We call the sequence of such boundary-method invocations message histories and develop message-history logics to do this reasoning. In particular, we define the notion of an application-only transition system with boundary transitions, a message-history program logic for programs with such transitions, and a temporal specification logic for capturing callback control flow in a targeted and compositional manner. Then to utilize the logics in a goal-directed verifier, we define a way to combine after-the-fact an assertion about message histories with a specification of callback control flow. We implemented a prototype message history-based verifier called Historia and provide evidence that our approach is uniquely capable of distinguishing between buggy and fixed versions on challenging examples drawn from real-world issues and that our targeted specification approach enables proving the absence of multi-callback bug patterns in real-world open-source Android apps.

show abstract

“…The technologies of malware detection are divided into three categories: static analysis, dynamic analysis, and hybrid analysis [5]. Static analysis decomposes Android Application Package (APK) files by reverse engineering and extracts various features from the disassembly code without running source code [6][7][8]. It has high accuracy and efficiency in detecting known malicious code, but has high false negative in detecting unknown malicious code because it cannot deal with code confusion and dynamic code loading.…”

Section: Introductionmentioning

confidence: 99%

A Formal Method for Description and Decision of Android Apps Behavior Based on Process Algebra

et al. 2022

View full text Add to dashboard Cite

Android is the most popular mobile platform, and it has become a primary malware target. Existing behavior-based Android malware detection methods suffer from false positive and false negative problems, which lead to low detection accuracy. Formal theory is crucial in studying the behaviors of Android applications characterized by high concurrency, interaction, and mobility. However, existing formal methods mainly focus on specific issues and lack the essential abstraction and high-level description of application behavior. In this study, we propose a formal method for the description and decision of application behavior based on process algebra. First, we propose a formal method for describing application behavior at a component level using process algebra. By extending π-calculus theory, we establish the mapping relationship from the Android application to process algebra, and present the semantics and evolution rules of behavior based on process algebra. Second, we describe the behavior of four types of components in applications and characterize concurrent interactions of components using process algebra expressions. Third, we define the behavior equivalence and simulation mechanism for application behavior analysis and propose the decision rules based on weak simulation. Finally, we discuss a demonstration case, which includes malicious behavior, to demonstrate the feasibility and effectiveness of the proposed method. The results show that our method can accurately describe and analyze application behavior, which provides theoretical support for technologies and methods of behavior-based detection.

show abstract

Androlic: an extensible flow, context, object, field, and path-sensitive static analysis framework for Android

Cited by 7 publications

References 11 publications

Static asynchronous component misuse detection for Android applications

Static asynchronous component misuse detection for Android applications

Historia: Refuting Callback Reachability with Message-History Logics

A Formal Method for Description and Decision of Android Apps Behavior Based on Process Algebra

Contact Info

Product

Resources

About