COLUMBUS: Android App Testing Through Systematic Callback Exploration

Priyanka Bose, Dipanjan Das, Saastha Vasan, Sebastiano Mariani, Ilya Grishchenko, Andrea Continella, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

62 Downloads (Pure)

Abstract

With the continuous rise in the popularity of Android mobile devices, automated testing of apps has become more important than ever. Android apps are event-driven programs. Unfortunately, generating all possible types of events by interacting with an app's interface is challenging for an automated testing approach. Callback-driven testing eliminates the need for event generation by directly invoking app callbacks. However, existing callback-driven testing techniques assume prior knowledge of Android callbacks, and they rely on a human expert, who is familiar with the Android API, to write stub code that prepares callback arguments before invocation. Since the Android API is very large and keeps evolving, prior techniques could only support a small fraction of callbacks present in the Android framework. In this work, we introduce Columbus, a callback-driven testing technique that employs two strategies to eliminate the need for human involvement: (i) it automatically identifies callbacks by simultaneously analyzing both the Android framework and the app under test; (ii) it uses a combination of under-constrained symbolic execution (primitive arguments), and type-guided dynamic heap introspection (object arguments) to generate valid and effective inputs. Lastly, Columbus integrates two novel feedback mechanisms-data dependency and crash-guidance- during testing to increase the likelihood of triggering crashes and maximizing coverage. In our evaluation, Columbus outperforms state-of-the-art model-driven, checkpoint-based, and callback-driven testing tools both in terms of crashes and coverage.

Original languageEnglish
Title of host publicationProceedings of the International Conference on Software Engineering (ICSE)
Pages1381-1392
Number of pages12
ISBN (Electronic)9781665457019
DOIs
Publication statusPublished - 14 Jul 2023
Event45th International Conference on Software Engineering, ICSE 2023 - Melbourne, Australia
Duration: 14 May 202320 May 2023
Conference number: 45

Conference

Conference45th International Conference on Software Engineering, ICSE 2023
Abbreviated titleICSE2023
Country/TerritoryAustralia
CityMelbourne
Period14/05/2320/05/23

Keywords

  • cybersecurity

Fingerprint

Dive into the research topics of 'COLUMBUS: Android App Testing Through Systematic Callback Exploration'. Together they form a unique fingerprint.

Cite this