Dynodroid: An Input Generation System for

Android AppsFSE’13

Presented by Haocheng Huang

huanghc@emnets.org

Introduction

Static analyses are hindered by features commonly used by mobile apps such as code obfuscation, native libraries, and a complex SDK framework

Key challenge of dynamic analyses is obtaining program inputs that adequately exercise the program's functionality

Contribution

Propose an effective system for generating inputs to mobile apps

Show how to observe, select, and execute system events for Android in a mobile device emulator without modifying the app

Present extensive empirical evaluation of the system

System Architecture

observe-select-execute cycle

Executor

Combine the benefits of automated and manual input generation

Observer

The goal of the observer is to efficiently compute as small a set of relevant events as possible without missing any

Observer computes relevant UI events and relevant system events

ObserverUI Events

Supports two input mechanisms: touchscreen and navigation buttons

First, it deems clicking each navigation button as a relevant UI event

Second, it inspects the view hierarchy

ObserverUI Events

ObserverSystem Events

Broadcast Receiver Events

Choose 25 intents to be considered

The executor serializes the appropriate intent along with a Bundle object that has a key named “pdus” mapped to a byte array denoting an array of SmsMessage objects

ObserverSystem Events

System Service Events

Can be divided into internally and externally

We considered externally

If the selector selects this event, then the executor triggers it by sending telnet command

Selector

The selector selects an event for the executor to execute from the set of relevant events E computed by the observer

Implemented three different selection strategies in the selector

Frequency, UniformRandom, and BiasedRandom

The Frequency strategy selects an event from E that has been selected least frequently by it so far

The UniformRandom strategy selects an event from E uniformly at random(like monkey)

Selector

The final and default selection strategy BiasedRandom

Evaluation

Experiment environment

64-bit Linux machines with 128GB memory and dual-socket 16-core AMD Opteron 3.0GHz processors

Emulator configuration

EvaluationApp Source Code Coverage

Evaluate 5 approaches on 50 apps

EvaluationApp Source Code Coverage

Dynodroid & Human4-91%(51%)

Dynodroid can be used to automate to a significant degree the tedious testing done by humans

Dynodroid & Monkey4-81%(47%)

Dynodroid and Monkey get comparable coverage

EvaluationApp Source Code Coverage

Monkey requires 20X more events than BiasedRandom on average

Of the three selection strategies in Dynodroid, BiasedRandom performs the best, with each of the other two strategies requiring 2X more events than it on average

EvaluationBugs Found in Apps

Bugs found by Dynodroid in the 50 open-source apps from F-Droid and the 1,000 top free apps from Google Play

Limitation

5X slower than Monkey due to heavy use of reflection

Use DUMPQ can make ViewServer run 20X-40X faster

Dynodroid currently supports only the Gingerbread version of Android

Conclusion

Presented a practical system Dynodroid for generating relevant inputs to mobile apps on the dominant Android platform

Dynodroid can generate both UI inputs and system inputs, and it allows combining inputs from human and machine