Dynodroid: An Input Generation System for Android Apps FSE’13 Presented by Haocheng Huang huanghc@emnets.org
Introduction Static analyses are hindered by features commonly used by mobile apps such as code obfuscation, native libraries, and a complex SDK framework Key challenge of dynamic analyses is obtaining program inputs that adequately exercise the program's functionality
Contribution Propose an effective system for generating inputs to mobile apps Show how to observe, select, and execute system events for Android in a mobile device emulator without modifying the app Present extensive empirical evaluation of the system
System Architecture observe-select-execute cycle
Executor Combine the benefits of automated and manual input generation
Observer The goal of the observer is to efficiently compute as small a set of relevant events as possible without missing any Observer computes relevant UI events and relevant system events
Observer UI Events Supports two input mechanisms: touchscreen and navigation buttons First, it deems clicking each navigation button as a relevant UI event Second, it inspects the view hierarchy
Observer UI Events
Observer System Events Broadcast Receiver Events Choose 25 intents to be considered The executor serializes the appropriate intent along with a Bundle object that has a key named “pdus” mapped to a byte array denoting an array of SmsMessage objects
Observer System Events System Service Events Can be divided into internally and externally We considered externally If the selector selects this event, then the executor triggers it by sending telnet command
Selector The selector selects an event for the executor to execute from the set of relevant events E computed by the observer Implemented three different selection strategies in the selector Frequency, UniformRandom, and BiasedRandom The Frequency strategy selects an event from E that has been selected least frequently by it so far The UniformRandom strategy selects an event from E uniformly at random(like monkey)
Selector The final and default selection strategy BiasedRandom
Evaluation Experiment environment Emulator configuration 64-bit Linux machines with 128GB memory and dual-socket 16-core AMD Opteron 3.0GHz processors Emulator configuration
Evaluation App Source Code Coverage Evaluate 5 approaches on 50 apps
Evaluation App Source Code Coverage Dynodroid & Human 4-91%(51%) Dynodroid can be used to automate to a significant degree the tedious testing done by humans Dynodroid & Monkey 4-81%(47%) Dynodroid and Monkey get comparable coverage
Evaluation App Source Code Coverage Monkey requires 20X more events than BiasedRandom on average Of the three selection strategies in Dynodroid, BiasedRandom performs the best, with each of the other two strategies requiring 2X more events than it on average
Evaluation Bugs Found in Apps Bugs found by Dynodroid in the 50 open-source apps from F-Droid and the 1,000 top free apps from Google Play
Limitation 5X slower than Monkey due to heavy use of reflection Use DUMPQ can make ViewServer run 20X-40X faster Dynodroid currently supports only the Gingerbread version of Android
Conclusion Presented a practical system Dynodroid for generating relevant inputs to mobile apps on the dominant Android platform Dynodroid can generate both UI inputs and system inputs, and it allows combining inputs from human and machine