Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users plagued by carelessly programmed apps that leak important data accident, malicious exploit their given privileges to copy such intentionally. While existing static taint-analysis approaches have potential detecting leaks ahead all for Android use number coarse-grain approximations can yield high numbers missed false alarms.

Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users plagued by carelessly programmed apps that leak important data accident, malicious exploit their given privileges to copy such intentionally. While existing static taint-analysis approaches have potential detecting leaks ahead all for Android use number coarse-grain approximations can yield high numbers missed false alarms. In this work we thus present FlowDroid, novel highly...

We present a growing collection of Android Applications collected from several sources, including the official Google Play app market. Our dataset, AndroZoo, currently contains more than three million apps, each which has been analysed by tens different Antivirus products to know applications are detected as Malware. provide this dataset contribute ongoing research efforts, well enable new potential topics on Apps. By releasing our community, we also aim at encouraging fellow researchers...

Shake Them All is a popular Wallpaper application exceeding millions of downloads on Google Play. At installation, this given permission to (1) access the Internet (for updating wallpapers) and (2) use device microphone (to change background following noise changes). With these permissions, could silently record user conversations upload them remotely. To give more confidence about how actually processes what it records, necessary build precise analysis tool that tracks flow any sensitive...

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this given permission to (1) access the Internet (for updating wallpapers) and (2) use device microphone (to change background following noise changes). With these permissions, could silently record user conversations upload them remotely. To give more confidence about how actually processes what it records, necessary build precise analysis tool that tracks flow any sensitive...

This paper introduces Dexpler, a software package which converts Dalvik bytecode to Jimple. Dexpler is built on top of Dedexer and Soot. As Jimple Soot's main internal rep- resentation code, the can be manipu- lated with any based tool, for instance performing point-to or flow analysis.

Large Software Product Lines (SPLs) are common in industry, thus introducing the need of practical solutions to test them. To this end, t-wise can help drastically reduce number product configurations test. Current approaches for SPLs restricted small values t. In addition, these techniques fail at providing means finely control configuration process. view this, automatically generating and prioritizing large required. This paper proposes (a) a search-based approach capable SPLs, forming...

Automated testing of Android apps is essential for app users, developers, and market maintainer communities alike. Given the widespread adoption specificities its development model, literature has proposed various approaches ensuring that not only functional requirements but also nonfunctional are satisfied. In this paper, we aim at providing a clear overview state-of-the-art works around topic testing, in an attempt to highlight main trends, pinpoint methodologies applied, enumerate...

Recently, the ChatGPT LLM has received great attention: it can be used as a bot for discussing source code, prompting to suggest changes, provide descriptions or even generate code. Typical demonstrations generally focus on existing benchmarks, which may have been in model training (i.e., data leakage). To assess feasibility of using an useful assistant programmers, we must its realistic capabilities unseen problems well various tasks. In this paper, present empirical study ChatGPT's...

Software Product Lines (SPL) are difficult to validate due combinatorics induced by variability across their features. This leads combinatorial explosion of the number derivable products. Exhaustive testing in such a large space products is infeasible. One possible option test SPLs generating cases that cover all T feature interactions (T-wise). T-wise dramatically reduces while ensuring reasonable SPL coverage. However, automatic generation satisfying using SAT solvers raises two issues....

Feedback from software users constitutes a vital part in the evolution of projects. By filing issue reports, help identify and fix bugs, document code, enhance via feature requests. Many studies have explored proposed approaches to enable submission higher-quality presented techniques sort, categorize leverage issues for engineering needs. Who, however, cares about issues? What kind are reported trackers? correlation exist between reporting success projects? In this study, we address need...

The Android packaging model offers ample opportunities for malware writers to piggyback malicious code in popular apps, which can then be easily spread a large user base. Although recent research has produced approaches and tools identify piggybacked the literature lacks comprehensive investigation into such phenomenon. We fill this gap by: 1) systematically building set of benign apps pairs, we release community; 2) empirically studying characteristics comparison with their counterparts; 3)...

Android developers heavily use reflection in their apps for legitimate reasons, but also significantly hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools are challenged by the presence of reflective calls which they usually ignore. Thus, results security analysis, e.g., private data leaks, inconsistent given measures taken malware writers to elude detection. We propose DroidRA instrumentation-based approach address this issue a non-invasive way. With...

In the permission-based security model (used e.g. in Android and Blackberry), applications can be granted more permissions than they actually need, what we call a "permission gap". Malware leverage unused for achieving their malicious goals, instance using code injection. this paper, present an approach to detecting permission gaps static analysis. Using our tool on dataset of applications, found out that non negligible part suffers from gaps, i.e. does not use all declare.

Multi-view modeling allows a developer to describe software system from multiple points of view, e.g. structural and behavioral, using different notations. Aspect-oriented techniques have been proposed address the scalability problem within individual This paper presents RAM, an aspect-oriented approach that provides scalable multi-view modeling. RAM modeler define stand-alone reusable aspect models 3 The support structure (using UML class diagrams) behavior state sequence diagrams)....

The packaging model of Android apps requires the entire code necessary for execution an app to be shipped into one single apk file. Thus, analysis often visits which is not part functionality delivered by app. Such contributed common libraries are used pervasively all apps. Unfortunately, analyses, e.g., piggybacking detection and malware detection, can produce inaccurate results if they do take account case library code, constitute noise in features. Despite some efforts on investigating...

Properly benchmarking Automated Program Repair (APR) systems should contribute to the development and adoption of research outputs by practitioners.To that end, community must ensure it reaches significant milestones reliably comparing state-of-the-art tools for a better understanding their strengths weaknesses.In this work, we identify investigate practical bias caused fault localization (FL) step in repair pipeline.We propose highlight different configurations used literature, impact on...

The Android Application Programming Interface provides the necessary building blocks for app developers to harness functionalities of devices, including interacting with services and accessing hardware. This API thus evolves rapidly meet new requirements security, performance advanced features, creating a race update apps. Unfortunately, given extent lack automated alerts on important changes, apps are suffered from API-related compatibility issues. These issues can manifest themselves as...

Although Software Product Lines are recurrently praised as an efficient paradigm for systematic reuse, practical adoption remains challenging. For bottom-up Line adoption, where a set of artefact variants already exists, practitioners lack end-to-end support chaining (1) feature identification, (2) location, (3) constraints discovery, well (4) reengineering approaches. This challenge can be overcome if there exists principles building framework to integrate various algorithms and different...

Test-based automated program repair has been a prolific field of research in software engineering the last decade. Many approaches have indeed proposed, which leverage test suites as weak, but affordable, approximation to specifications. Although literature regularly sets new records on number benchmark bugs that can be fixed, several studies increasingly raise concerns about limitations and biases state-of-the-art approaches. For example, correctness generated patches questioned studies,...

Static analysis has been successfully used in many areas, from verifying mission-critical software to malware detection. Unfortunately, static often produces false positives, which require significant manual effort resolve. In this paper, we show how overlay a probabilistic model, trained using domain knowledge, on top of results, order triage results. We apply idea analyzing mobile applications. Android application components can communicate with each other, both within single applications...