Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users plagued by carelessly programmed apps that leak important data accident, malicious exploit their given privileges to copy such intentionally. While existing static taint-analysis approaches have potential detecting leaks ahead all for Android use number coarse-grain approximations can yield high numbers missed false alarms.

Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users plagued by carelessly programmed apps that leak important data accident, malicious exploit their given privileges to copy such intentionally. While existing static taint-analysis approaches have potential detecting leaks ahead all for Android use number coarse-grain approximations can yield high numbers missed false alarms. In this work we thus present FlowDroid, novel highly...

We present a growing collection of Android Applications collected from several sources, including the official Google Play app market. Our dataset, AndroZoo, currently contains more than three million apps, each which has been analysed by tens different Antivirus products to know applications are detected as Malware. provide this dataset contribute ongoing research efforts, well enable new potential topics on Apps. By releasing our community, we also aim at encouraging fellow researchers...

Shake Them All is a popular Wallpaper application exceeding millions of downloads on Google Play. At installation, this given permission to (1) access the Internet (for updating wallpapers) and (2) use device microphone (to change background following noise changes). With these permissions, could silently record user conversations upload them remotely. To give more confidence about how actually processes what it records, necessary build precise analysis tool that tracks flow any sensitive...

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this given permission to (1) access the Internet (for updating wallpapers) and (2) use device microphone (to change background following noise changes). With these permissions, could silently record user conversations upload them remotely. To give more confidence about how actually processes what it records, necessary build precise analysis tool that tracks flow any sensitive...

Summary Fault localization methods seek to identify faulty program statements based on the information provided by failing and passing test executions. Spectrum‐based are among most popular ones assist programmers assigning suspiciousness values according their probability of being faulty. This paper proposes Metallaxis, a fault approach mutation analysis. The innovative part Metallaxis is that it uses mutants links them with places. Thus, killed mostly tests provide good indication about...

This paper introduces Dexpler, a software package which converts Dalvik bytecode to Jimple. Dexpler is built on top of Dedexer and Soot. As Jimple Soot's main internal rep- resentation code, the can be manipu- lated with any based tool, for instance performing point-to or flow analysis.

Large Software Product Lines (SPLs) are common in industry, thus introducing the need of practical solutions to test them. To this end, t-wise can help drastically reduce number product configurations test. Current approaches for SPLs restricted small values t. In addition, these techniques fail at providing means finely control configuration process. view this, automatically generating and prioritizing large required. This paper proposes (a) a search-based approach capable SPLs, forming...

Although white-box regression test prioritization has been well-studied, the more recently introduced black-box approaches have neither compared against each other nor well-established techniques. We present a comprehensive experimental comparison of several techniques, including strategies and approaches. found that Combinatorial Interaction Testing diversity-based techniques (Input Model Diversity Input Test Set Diameter) perform best among Perhaps surprisingly, we little difference...

Permissioned and private blockchain platforms are increasingly used in today's industry. This paper provides a comprehensive comparative study of the 5 major frameworks (Fabric, Ethereum, Quorum, MultiChain R3 Corda) with regard to community activities, performance, scalability, privacy adoption criteria. Based on literature review, this shows that even if Fabric is promising, final selection framework for specific case-study always trade-off. Finally, lessons learnt given industrial...

Use cases are believed to be a good basis for system testing. Yet, automate the test generation process, there is large gap bridge between high-level use and concrete cases. We propose new approach automating of scenarios in context object-oriented embedded software, taking into account traceability problems views case execution. Starting from formalization requirements based on extended with contracts, we automatically build transition which synthesize Our objective cover terms statement...

Software Product Lines (SPL) are difficult to validate due combinatorics induced by variability across their features. This leads combinatorial explosion of the number derivable products. Exhaustive testing in such a large space products is infeasible. One possible option test SPLs generating cases that cover all T feature interactions (T-wise). T-wise dramatically reduces while ensuring reasonable SPL coverage. However, automatic generation satisfying using SAT solvers raises two issues....

The need for testing-for-diagnosis strategies has been identified a long time, but the explicit link from testing to diagnosis (fault localization) is rare. Analyzing type of information needed efficient fault localization, we identify attribute (called Dynamic Basic Block) that restricts accuracy algorithm. Based on this attribute, test-for-diagnosis criterion proposed and validated through rigorous case studies: it shows test suite can be improved reach high level accuracy. So, dilemma...

Feedback from software users constitutes a vital part in the evolution of projects. By filing issue reports, help identify and fix bugs, document code, enhance via feature requests. Many studies have explored proposed approaches to enable submission higher-quality presented techniques sort, categorize leverage issues for engineering needs. Who, however, cares about issues? What kind are reported trackers? correlation exist between reporting success projects? In this study, we address need...

The Android packaging model offers ample opportunities for malware writers to piggyback malicious code in popular apps, which can then be easily spread a large user base. Although recent research has produced approaches and tools identify piggybacked the literature lacks comprehensive investigation into such phenomenon. We fill this gap by: 1) systematically building set of benign apps pairs, we release community; 2) empirically studying characteristics comparison with their counterparts; 3)...

Many studies suggest using coverage concepts, such as branch coverage, the starting point of testing, while others most prominent test quality indicator. Yet relationship between and fault-revelation remains unknown, yielding uncertainty controversy. Most previous rely on Clean Program Assumption, that a suite will obtain similar for both faulty fixed ('clean') program versions. This assumption may appear intuitive, especially bugs denote small semantic deviations. However, we present...

In the permission-based security model (used e.g. in Android and Blackberry), applications can be granted more permissions than they actually need, what we call a "permission gap". Malware leverage unused for achieving their malicious goals, instance using code injection. this paper, present an approach to detecting permission gaps static analysis. Using our tool on dataset of applications, found out that non negligible part suffers from gaps, i.e. does not use all declare.

Identifying equivalent mutants remains the largest impediment to widespread uptake of mutation testing. Despite being researched for more than three decades, problem remains. We propose Trivial Compiler Equivalence (TCE) a technique that exploits use readily available compiler technology address this long-standing challenge. TCE is directly applicable real-world programs and can imbue existing tools with ability detect special form useless called duplicated mutants. present thorough...

The packaging model of Android apps requires the entire code necessary for execution an app to be shipped into one single apk file. Thus, analysis often visits which is not part functionality delivered by app. Such contributed common libraries are used pervasively all apps. Unfortunately, analyses, e.g., piggybacking detection and malware detection, can produce inaccurate results if they do take account case library code, constitute noise in features. Despite some efforts on investigating...

Properly benchmarking Automated Program Repair (APR) systems should contribute to the development and adoption of research outputs by practitioners.To that end, community must ensure it reaches significant milestones reliably comparing state-of-the-art tools for a better understanding their strengths weaknesses.In this work, we identify investigate practical bias caused fault localization (FL) step in repair pipeline.We propose highlight different configurations used literature, impact on...