{"title":"On the unsoundness of static analysis for Android GUIs","authors":"Yan Wang, Hailong Zhang, A. Rountev","doi":"10.1145/2931021.2931026","DOIUrl":null,"url":null,"abstract":"Android software presents exciting new challenges for the static analysis community. However, static analyses for Android are typically unsound. This is due to the lack of specification of the Android framework, the continuous evolution of framework features and behavior, and the absence of soundness arguments and studies by program analysis researchers. Our goal is to investigate one important aspect of this problem: the static modeling of control/data flow due to interactions of the user with the application's GUI. We compare the solutions of three existing static analyses - FlowDroid, IccTA, and Gator - with the actual run-time behavior. Specifically, we observe the run-time sequences of callbacks and their parameters, and match them against the static abstractions provided by these analyses. This study provides new insights into the unsoundness of existing analysis techniques. We conclude with open questions and action items for program analysis researchers working in this increasingly important area.","PeriodicalId":278847,"journal":{"name":"Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 5th ACM SIGPLAN International Workshop on State Of the Art in Program Analysis","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2931021.2931026","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 29
Abstract
Android software presents exciting new challenges for the static analysis community. However, static analyses for Android are typically unsound. This is due to the lack of specification of the Android framework, the continuous evolution of framework features and behavior, and the absence of soundness arguments and studies by program analysis researchers. Our goal is to investigate one important aspect of this problem: the static modeling of control/data flow due to interactions of the user with the application's GUI. We compare the solutions of three existing static analyses - FlowDroid, IccTA, and Gator - with the actual run-time behavior. Specifically, we observe the run-time sequences of callbacks and their parameters, and match them against the static abstractions provided by these analyses. This study provides new insights into the unsoundness of existing analysis techniques. We conclude with open questions and action items for program analysis researchers working in this increasingly important area.