Don't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App

Pilgun, Aleksandr

doi:10.1109/apsec51365.2020.00046

Cited by 4 publications

(4 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Examples of instrumentation tools that measure code coverage are Ella [3], CovDroid [36], the tools described in [16] and [14], ACVTool [23], and COSMO [25]. ACVTool appears to be the most mature tool of this group, and [22,23] describe many more tools, alternative approaches and uses for code coverage measurements.…”

Section: Taxonomy Of Instrumentation Toolsmentioning

confidence: 99%

“…ACVTool is written in Python and its source code is publicly available [21]. We refer the interested reader to [22] for the detailed explanation of the ACVTool instrumentation process. The tool uses a modified version of Apkil, a bytecode instrumentation library that was originally created for APIMonitor [34].…”

Section: Generation Of Instrumentation Blueprints For Acvtoolmentioning

confidence: 99%

“…Register Management Approach. To manage registers, applybp uses the same method as ACVTool [22] and the tool described by Will [32], because Pilgun has shown that this method is very robust [22]. We increment the number of local registers by the amount of instrumentation registers, then copy the values of the parameters to the v-registers corresponding to their original positions, and then replace all p-and i-register references with their v-equivalents.…”

Section: Blueprint Applicatormentioning

confidence: 99%

“…5.2). The challenges of register management and an alternative solution are discussed in detail in [22,28].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Instrumentation Blueprints: Towards Combining Several Android Instrumentation Tools

Staaij

Gadyatskaya

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The explosive growth of the amount of Android apps has given rise to a pressing need to analyse these apps, most importantly for security purposes. Many Android app analysis and hardening tools rely on bytecode instrumentation: the modification of the compiled app code. App instrumentation tools have all kinds of purposes, ranging from the measurement of code coverage to placing probes for malware detection. Given this variety, it may be useful to work with multiple tools that rely on instrumentation at the same time. The composition of such tools can however lead to issues, since their changes to the applications under analysis may conflict with each other. To facilitate the composition of multiple instrumentation tools, we propose a two-step approach involving instrumentation blueprints, reports of the instrumentation changes a tool needs to apply. We have designed a prototype syntax for these blueprints, adapted a modern instrumentation tool to emit them and implemented a prototype blueprint application program. Our evaluation shows that the proposed approach is viable.

show abstract

Section: Taxonomy Of Instrumentation Toolsmentioning

confidence: 99%

Section: Generation Of Instrumentation Blueprints For Acvtoolmentioning

confidence: 99%

Section: Blueprint Applicatormentioning

confidence: 99%

“…5.2). The challenges of register management and an alternative solution are discussed in detail in [22,28].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Instrumentation Blueprints: Towards Combining Several Android Instrumentation Tools

Staaij

Gadyatskaya

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Madusa: mobile application demo generation based on usage scenarios

2023

View full text Add to dashboard Cite

Mobile applications have grown rapidly in size. This dramatic increases in size and complexity make mobile applications less accessible to a broader scope of users. The prevailing approach for better accessibility of mobile applications is to manually reimplement slimmed versions with a small but representative portion of a regular original app. Unfortunately, this approach imposes significant burden on developers. We propose a system called Madusa to enable developers to effectively customize and reduce their mobile applications for Android. Madusa takes as input an original app, an upper bound on the size of a reduced version, and usage scenarios as a high-level specification of its desired core functionality. The output is a reduced version of the app that is still correct with respect to the specification while not exceeding the size limit. Madusa constructs a graph representing dependencies among methods and resources and identifies a sub-part of the graph using integer linear programming to generate a reduced version that exhibits behaviors as similar as possible to the original app. Our experimental evaluation on a suite of 19 Android apps available on Google Play Store. Madusa effectively converges to the desired simplified apps by reducing the app size by 40% on average (maximally by 60%). We conclude our approach effectively removes redundant code and resources with respect to given usage scenarios.

show abstract