Boosting static analysis of Android apps through code instrumentation

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

6 Citations (Scopus)

Abstract

Static analysis has been applied to dissect Android apps for many years. The main advantage of using static analysis is its efficiency and entire code coverage characteristics. However, the community has not yet produced complete tools to perform in-depth static analysis, putting users at risk to malicious apps. Because of the diverse challenges caused by Android apps, it is hard for a single tool to efficiently address all of them. Thus, in this work, we propose to boost static analysis of Android apps through code instrumentation, in which the knotty code can be reduced or simplified into an equivalent but analyzable code. Consequently, existing static analyzers, without any modification, can be leveraged to perform extensive analysis, although originally they cannot. Previously, we have successfully applied instrumentation for two challenges of static analysis of Android apps: Inter-Component Communication (ICC) and Reflection. However, these two case studies are implemented separately and the implementation is not reusable, letting some functionality, that could be reused from one to another, be reinvented and thus lots of resources are wasted. To this end, in this work, we aim at providing a generic and non-invasive approach for existing static analyzers, enabling them to perform more broad analysis.

Original languageEnglish
Title of host publicationProceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016
PublisherIEEE Computer Society
Pages819-822
Number of pages4
ISBN (Electronic)9781450341615, 9781450342056
DOIs
Publication statusPublished - 14 May 2016
Externally publishedYes
EventInternational Conference on Software Engineering 2016 - Renaissance Austin Hotel, Austin, United States of America
Duration: 14 May 201622 May 2016
Conference number: 38th
http://2016.icse.cs.txstate.edu/

Conference

ConferenceInternational Conference on Software Engineering 2016
Abbreviated titleICSE 2016
CountryUnited States of America
CityAustin
Period14/05/1622/05/16
Internet address

Cite this

Li, L. (2016). Boosting static analysis of Android apps through code instrumentation. In Proceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016 (pp. 819-822). IEEE Computer Society. https://doi.org/10.1145/2889160.2889258
Li, Li. / Boosting static analysis of Android apps through code instrumentation. Proceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016. IEEE Computer Society, 2016. pp. 819-822
@inproceedings{632855c9e4df4435854a51d3ac59a0de,
title = "Boosting static analysis of Android apps through code instrumentation",
abstract = "Static analysis has been applied to dissect Android apps for many years. The main advantage of using static analysis is its efficiency and entire code coverage characteristics. However, the community has not yet produced complete tools to perform in-depth static analysis, putting users at risk to malicious apps. Because of the diverse challenges caused by Android apps, it is hard for a single tool to efficiently address all of them. Thus, in this work, we propose to boost static analysis of Android apps through code instrumentation, in which the knotty code can be reduced or simplified into an equivalent but analyzable code. Consequently, existing static analyzers, without any modification, can be leveraged to perform extensive analysis, although originally they cannot. Previously, we have successfully applied instrumentation for two challenges of static analysis of Android apps: Inter-Component Communication (ICC) and Reflection. However, these two case studies are implemented separately and the implementation is not reusable, letting some functionality, that could be reused from one to another, be reinvented and thus lots of resources are wasted. To this end, in this work, we aim at providing a generic and non-invasive approach for existing static analyzers, enabling them to perform more broad analysis.",
author = "Li Li",
year = "2016",
month = "5",
day = "14",
doi = "10.1145/2889160.2889258",
language = "English",
pages = "819--822",
booktitle = "Proceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016",
publisher = "IEEE Computer Society",
address = "United States of America",

}

Li, L 2016, Boosting static analysis of Android apps through code instrumentation. in Proceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016. IEEE Computer Society, pp. 819-822, International Conference on Software Engineering 2016, Austin, United States of America, 14/05/16. https://doi.org/10.1145/2889160.2889258

Boosting static analysis of Android apps through code instrumentation. / Li, Li.

Proceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016. IEEE Computer Society, 2016. p. 819-822.

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

TY - GEN

T1 - Boosting static analysis of Android apps through code instrumentation

AU - Li, Li

PY - 2016/5/14

Y1 - 2016/5/14

N2 - Static analysis has been applied to dissect Android apps for many years. The main advantage of using static analysis is its efficiency and entire code coverage characteristics. However, the community has not yet produced complete tools to perform in-depth static analysis, putting users at risk to malicious apps. Because of the diverse challenges caused by Android apps, it is hard for a single tool to efficiently address all of them. Thus, in this work, we propose to boost static analysis of Android apps through code instrumentation, in which the knotty code can be reduced or simplified into an equivalent but analyzable code. Consequently, existing static analyzers, without any modification, can be leveraged to perform extensive analysis, although originally they cannot. Previously, we have successfully applied instrumentation for two challenges of static analysis of Android apps: Inter-Component Communication (ICC) and Reflection. However, these two case studies are implemented separately and the implementation is not reusable, letting some functionality, that could be reused from one to another, be reinvented and thus lots of resources are wasted. To this end, in this work, we aim at providing a generic and non-invasive approach for existing static analyzers, enabling them to perform more broad analysis.

AB - Static analysis has been applied to dissect Android apps for many years. The main advantage of using static analysis is its efficiency and entire code coverage characteristics. However, the community has not yet produced complete tools to perform in-depth static analysis, putting users at risk to malicious apps. Because of the diverse challenges caused by Android apps, it is hard for a single tool to efficiently address all of them. Thus, in this work, we propose to boost static analysis of Android apps through code instrumentation, in which the knotty code can be reduced or simplified into an equivalent but analyzable code. Consequently, existing static analyzers, without any modification, can be leveraged to perform extensive analysis, although originally they cannot. Previously, we have successfully applied instrumentation for two challenges of static analysis of Android apps: Inter-Component Communication (ICC) and Reflection. However, these two case studies are implemented separately and the implementation is not reusable, letting some functionality, that could be reused from one to another, be reinvented and thus lots of resources are wasted. To this end, in this work, we aim at providing a generic and non-invasive approach for existing static analyzers, enabling them to perform more broad analysis.

UR - http://www.scopus.com/inward/record.url?scp=85018428932&partnerID=8YFLogxK

U2 - 10.1145/2889160.2889258

DO - 10.1145/2889160.2889258

M3 - Conference Paper

SP - 819

EP - 822

BT - Proceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016

PB - IEEE Computer Society

ER -

Li L. Boosting static analysis of Android apps through code instrumentation. In Proceedings - 5th International Workshop on Green and Sustainable Software, GREENS 2016. IEEE Computer Society. 2016. p. 819-822 https://doi.org/10.1145/2889160.2889258