MoonlightBox

mining Android API histories for uncovering release-time inconsistencies

Li Li, Tegawende Bissyande, Jacques Klein

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

2 Citations (Scopus)

Abstract

In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.

Original languageEnglish
Title of host publicationProceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018
Subtitle of host publication15–18 October 2018 Memphis, Tennessee, USA
EditorsSudipto Ghosh, Roberto Natella, Bojan Cukic, Robin Poston, Nuno Laranjeiro
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages212-223
Number of pages12
ISBN (Electronic)9781538683217
ISBN (Print)9781538683224
DOIs
Publication statusPublished - 2018
EventInternational Symposium on Software Reliability Engineering 2018 - Memphis, United States of America
Duration: 15 Oct 201818 Oct 2018
Conference number: 29th
http://2018.issre.net/

Conference

ConferenceInternational Symposium on Software Reliability Engineering 2018
Abbreviated titleISSRE 2018
CountryUnited States of America
CityMemphis
Period15/10/1818/10/18
Internet address

Keywords

  • Android
  • API History
  • MoonlightBox
  • Release time Inconsistency

Cite this

Li, L., Bissyande, T., & Klein, J. (2018). MoonlightBox: mining Android API histories for uncovering release-time inconsistencies. In S. Ghosh, R. Natella, B. Cukic, R. Poston, & N. Laranjeiro (Eds.), Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018: 15–18 October 2018 Memphis, Tennessee, USA (pp. 212-223). [8539083] Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/ISSRE.2018.00031
Li, Li ; Bissyande, Tegawende ; Klein, Jacques. / MoonlightBox : mining Android API histories for uncovering release-time inconsistencies. Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018: 15–18 October 2018 Memphis, Tennessee, USA. editor / Sudipto Ghosh ; Roberto Natella ; Bojan Cukic ; Robin Poston ; Nuno Laranjeiro. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2018. pp. 212-223
@inproceedings{9665dab86e194f30a1d017991ba3daba,
title = "MoonlightBox: mining Android API histories for uncovering release-time inconsistencies",
abstract = "In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7{\%} of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.",
keywords = "Android, API History, MoonlightBox, Release time Inconsistency",
author = "Li Li and Tegawende Bissyande and Jacques Klein",
year = "2018",
doi = "10.1109/ISSRE.2018.00031",
language = "English",
isbn = "9781538683224",
pages = "212--223",
editor = "Sudipto Ghosh and Roberto Natella and Bojan Cukic and Robin Poston and Nuno Laranjeiro",
booktitle = "Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
address = "United States of America",

}

Li, L, Bissyande, T & Klein, J 2018, MoonlightBox: mining Android API histories for uncovering release-time inconsistencies. in S Ghosh, R Natella, B Cukic, R Poston & N Laranjeiro (eds), Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018: 15–18 October 2018 Memphis, Tennessee, USA., 8539083, IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 212-223, International Symposium on Software Reliability Engineering 2018, Memphis, United States of America, 15/10/18. https://doi.org/10.1109/ISSRE.2018.00031

MoonlightBox : mining Android API histories for uncovering release-time inconsistencies. / Li, Li; Bissyande, Tegawende; Klein, Jacques.

Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018: 15–18 October 2018 Memphis, Tennessee, USA. ed. / Sudipto Ghosh; Roberto Natella; Bojan Cukic; Robin Poston; Nuno Laranjeiro. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2018. p. 212-223 8539083.

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

TY - GEN

T1 - MoonlightBox

T2 - mining Android API histories for uncovering release-time inconsistencies

AU - Li, Li

AU - Bissyande, Tegawende

AU - Klein, Jacques

PY - 2018

Y1 - 2018

N2 - In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.

AB - In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.

KW - Android

KW - API History

KW - MoonlightBox

KW - Release time Inconsistency

UR - http://www.scopus.com/inward/record.url?scp=85059608986&partnerID=8YFLogxK

U2 - 10.1109/ISSRE.2018.00031

DO - 10.1109/ISSRE.2018.00031

M3 - Conference Paper

SN - 9781538683224

SP - 212

EP - 223

BT - Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018

A2 - Ghosh, Sudipto

A2 - Natella, Roberto

A2 - Cukic, Bojan

A2 - Poston, Robin

A2 - Laranjeiro, Nuno

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

ER -

Li L, Bissyande T, Klein J. MoonlightBox: mining Android API histories for uncovering release-time inconsistencies. In Ghosh S, Natella R, Cukic B, Poston R, Laranjeiro N, editors, Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018: 15–18 October 2018 Memphis, Tennessee, USA. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2018. p. 212-223. 8539083 https://doi.org/10.1109/ISSRE.2018.00031