Primary supervisorXiao Chen
Android is a mobile operating system that occupies 72.11% market share globally. As the most popular mobile operating system, the android mobile app industry has been active for over a decade, generating billions of dollars in revenue for Google and thousands of mobile app developers. Several third-party Android app stores in China are estimated to generate over $8 billion in yearly revenue. Meanwhile, the number of bugs and vulnerabilities in mobile apps is growing. In 2016, 24.7% of mobile apps contained at least one high-risk security flaw. Therefore, it is necessary to implement efficient static and dynamic testings on an app to fix detected bugs and vulnerabilities before launching to the market.
Although the research community proposed various techniques for testing Android apps, including searched-based, random, model-based, learning-based and program analysis-based approaches, their methods still struggle to achieve high code coverages, which are generally limited to 20% - 30%. The low code coverage implies that those dynamic tools can only test a small part of the entire app, which exposes the apps to the risk of quality and security issues. Besides, hackers may also attack app vulnerabilities to cause revenue loss. In this research, we will first conduct an empirical study to understand the challenges in state-of-the-art dynamic test tools for achieving high code coverage. Based on the observations, we will propose various strategies to tackle such challenges. Finally, we will provide a manually crafted database (i.e., Android apps) for the research community to benchmark their testing tools in handling each challenge.
- Understand the challenges in state-of-the-art Android dynamic test tools through an empirical study.
- Propose strategies to tackle the challenges in the state-of-the-art dynamic test tools.
- Craft a benchmark database for evaluating Android dynamic test tools.
Python programming (required); Android app development (required); Static and dynamic analysis experience (preferred); Deep Learning (preferred)