{"title":"An Empirical Study of the Performance Impacts of Android Code Smells","authors":"Geoffrey Hecht, Naouel Moha, Romain Rouvoy","doi":"10.1145/2897073.2897100","DOIUrl":"https://doi.org/10.1145/2897073.2897100","url":null,"abstract":"Android code smells are bad implementation practices within Android applications (or apps) that may lead to poor software quality, in particular in terms of performance. Yet, performance is a main software quality concern in the development of mobile apps. Correcting Android code smells is thus an important activity to increase the performance of mobile apps and to provide the best experience to mobile end-users while considering the limited constraints of mobile devices (e.g., CPU, memory, battery). However, no empirical study has assessed the positive performance impacts of correcting mobile code smells. In this paper, we therefore conduct an empirical study focusing on the individual and combined performance impacts of three Android performance code smells (namely, Internal Getter/Setter, Member Ignoring Method, and HashMap Usage) on two open source Android apps. To perform this study, we use the Paprika toolkit to detect these three code smells in the analyzed apps, and we derive four versions of the apps by correcting each detected smell independently, and all of them. Then, we evaluate the performance of each version on a common user scenario test. In particular, we evaluate the UI and memory performance using the following metrics: frame time, number of delayed frames, memory usage, and number of garbage collection calls. Our results show that correcting these Android code smells effectively improves the UI and memory performance. In particular, we observe an improvement up to 12.4% on UI metrics when correcting Member Ignoring Method and up to 3.6% on memory-related metrics when correcting the three Android code smells. 
We believe that developers can benefit from these results to guide their refactoring, and thus improve the quality of their mobile apps.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132455630","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Profiling the Responsiveness of Android Applications via Automated Resource Amplification","authors":"Yan Wang, A. Rountev","doi":"10.1145/2897073.2897097","DOIUrl":"https://doi.org/10.1145/2897073.2897097","url":null,"abstract":"The responsiveness of the GUI in an Android application is an important component of the user experience. Android guidelines recommend that potentially-expensive operations should not be performed in the GUI thread, but rather in separate threads. The responsiveness of existing code can be improved by introducing such asynchronous processing, either manually or automatically. One simple view is that all potentially-expensive operations should be removed from the GUI thread. We demonstrate that this view is too simplistic, because run-time cost under reasonable conditions may often be below the threshold for poor responsiveness. We propose a profiling approach to characterize response times as a function of the size of a potentially-expensive resource (e.g., shared preferences store, bitmap, or SQLite database). By manipulating and \"amplifying\" such resources automatically, we can obtain a responsiveness profile for each GUI-related callback. The profiling is based on a static analysis to generate tests that trigger expensive operations, followed by a dynamic analysis of amplified test execution. Based on our evaluation, we conclude that many operations can be safely left in the GUI thread. 
These results highlight the importance of choosing carefully - based on profiling information - the operations that should be removed from the GUI thread, in order to avoid unnecessary code complexity.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"43 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131664602","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Mobile User Identification through Authentication Using Keystroke Dynamics and Accelerometer Biometrics","authors":"Kyle R. Corpus, Ralph Joseph DL. Gonzales, Alvin Scott Morada, L. Vea","doi":"10.1145/2897073.2897111","DOIUrl":"https://doi.org/10.1145/2897073.2897111","url":null,"abstract":"Biometrics is everything that can be measured in a human being. It has two types: behavioral and physiological. This paper discusses the use of keystroke dynamics, a form of behavioral biometrics that deals with the measure of how a person types, and the utilization of accelerometer biometrics as a form of behavioral biometric that measures how a person holds his mobile device. We collected biometric data from 30 volunteer participants by asking them to enter their 8-16-character password specimens 8 times using a customized tool in a mobile phone. The first 6 collections from each participant were set aside for the training set while the other 2 were for the test set. The data were then processed, and keystroke dynamic and accelerometer biometrics were extracted, using a customized tool written in Java. Several well-known classifiers were trained using keystroke dynamic features alone, accelerometer biometrics alone, and the combination of both. Results show that Neural Network classifier using the combined features gave the most acceptable model. 
The model performance was further improved by removing some low ranking features defined by the Chi Square attribute evaluator and by removing some features that are highly correlated to other features.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122983161","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Blending Mobile Programming and Liberal Education in a Social-Economic High School","authors":"Ilenia Fronza, Nabil El Ioini, Luis Corral","doi":"10.1145/2897073.2897096","DOIUrl":"https://doi.org/10.1145/2897073.2897096","url":null,"abstract":"Mobile programming is one of the fastest growing approaches in many fields, such as marketing or e-commerce. From the educational perspective, this means that students should understand that they can build mobile applications (apps) without being professionals, and at the same time recognize their own potential to use technology in any professional path they choose. This goal is not trivial, even if students are in general curious and open to learn about the creation of apps. Indeed, especially in liberal education, students get discouraged upfront as they perceive programming as a difficult task. This paper describes a course that was created to fit the educational needs of a social-economic high school. Students take part in an interdisciplinary project in which the Software Engineering process is used to promote CT skills. The course was repeated twice and involved 29 students (8th and 9th grade).","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133873460","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Comparing Performance Parameters of Mobile App Development Strategies","authors":"M. Willocx, Jan Vossaert, Vincent Naessens","doi":"10.1145/2897073.2897092","DOIUrl":"https://doi.org/10.1145/2897073.2897092","url":null,"abstract":"Mobile cross-platform tools (CPTs) provide an interesting alternative to native development. Cross-platform tools aim at sharing a significant portion of the application codebase between the implementations for the different platforms. This can drastically decrease the development costs of mobile applications. There is, however, some reluctance of mobile application developers to adopt these tools. One of the reasons is that the landscape of CPTs is so diverse that it is hard to select the most suitable CPT to implement a specific application. The contribution of this paper is twofold. First, it presents a performance analysis of a fully functional mobile application implemented with ten cross-platform tools and native for Android, iOS and Windows Phone. The performance tests are executed on a high- and low-end Android and iOS device, and a Windows Phone device. Second, based on the performance analysis, general conclusions of which application developers should be aware when selecting a specific (type of) cross-platform tool are drawn.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"230 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114693247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Inter-App Communication between Android Apps Developed in App-Inventor and Android Studio","authors":"L. A. Allison, M. M. Fuad","doi":"10.1145/2897073.2897117","DOIUrl":"https://doi.org/10.1145/2897073.2897117","url":null,"abstract":"Communications between mobile apps are an important aspect of mobile platforms. Android is specifically designed with inter-app communication in mind and depends on this to provide different platform specific functionalities. Android Apps can either be designed with the help of Android SDK and using IDEs such as Android Studio or by using a browser based platform called App Inventor. These two development platforms provide their own technique for inter-app communication in the same platform, however lack an established method of inter-app communication when apps are developed using the two separate development platforms. This paper provides the missing information required for the app communications and presents the method for sending and receiving arguments between apps developed in these two platforms. The paper also outlines the significance of the result, and examines their limitations.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126664559","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"App Security with JSFlow","authors":"Daniel Hedin","doi":"10.1145/2897073.2897714","DOIUrl":"https://doi.org/10.1145/2897073.2897714","url":null,"abstract":"In the presence of attacker controlled code, popular protection mechanisms such as access control and taint tracking fail. We argue for the necessity of full information-flow control and present JSFlow, an information-flow aware interpreter for full ECMA-262(v.5). Previous work has shown that (hybrid) dynamic information-flow enforcement is a fruitful approach to enforcing secure information flow in the setting of web application. Those results naturally extend to hybrid mobile apps, with JSFlow deployed as a library.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130729273","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Migrating User Interfaces in Native Mobile Applications: Android to iOS","authors":"Xiaochao Fan, Kenny Wong","doi":"10.1145/2897073.2897101","DOIUrl":"https://doi.org/10.1145/2897073.2897101","url":null,"abstract":"Mobile application migration is the process of porting an application's source code from one mobile platform to another. This process is difficult due to many differences between the platforms, such as languages, libraries, tools, design principles, and special hardware features. We consider migrating native mobile applications, which are not typically designed to be portable. While language translators exist to convert some of the source code, there is a lack of techniques to migrate the user interface. In this paper, we propose a technique to semi-automatically migrate the user interface of a native mobile application from Android to iOS.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134279478","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"PVDetector: A Detector of Privacy-Policy Violations for Android Apps","authors":"Rocky Slavin, Xiaoyin Wang, M. Hosseini, James Hester, R. Krishnan, Jaspreet Bhatia, T. Breaux, Jianwei Niu","doi":"10.1145/2897073.2897720","DOIUrl":"https://doi.org/10.1145/2897073.2897720","url":null,"abstract":"Many Android apps heavily depend on collecting and sharing sensitive privacy information, such as device ID, location, and postal address, to provide service and value. To protect user privacy, apps are typically required by market places to provide privacy policies informing users about how their private information will be processed. In this paper, we present PVDetector, an automatic tool that analyzes Android apps to detect privacy-policy violations, i.e., inconsistencies between an app’s data collection code and the corresponding description in its privacy policy.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117112940","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Identifying Android Inter-app Communication Vulnerabilities Using Static and Dynamic Analysis","authors":"Biniam Fisseha Demissie, Davide Ghio, M. Ceccato, Andrea Avancini","doi":"10.1145/2897073.2897082","DOIUrl":"https://doi.org/10.1145/2897073.2897082","url":null,"abstract":"The Android platform is designed to facilitate inter-app integration and communication, so that apps can reuse functionalities implemented by other apps by resorting to delegation. Though this feature is usually mentioned to be the main reason for the popularity of the platform, it also poses security risks to the end user. Malicious unprivileged apps can exploit the delegation model to access privileged tasks that are exposed by vulnerable apps. In this paper, we present a particularly dangerous case of delegation, that we call the Android Wicked Delegation (AWiDe). Moreover, we compare two distinct approaches to automatically detect inadequate message validation, respectively based on static analysis and on dynamic analysis. We empirically validate our approaches on more than three hundred popular apps. Vulnerabilities detected by us lead to the implementation of successful proof-of-concept attacks, and the app developers have confirmed one of them.","PeriodicalId":296509,"journal":{"name":"2016 IEEE/ACM International Conference on Mobile Software Engineering and Systems (MOBILESoft)","volume":"2 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-05-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131882887","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}