| With the widespread of Android smart phones and tablets, people are more and more dependent on smart phone applications. The important role Android applications play calls for more efforts in guaranteeing application quality to enhance user’s experience. To achieve this, program analysis is the best way. Program analysis is a great technique for profiling applications, and can be used to enhance application performance, finding bugs or detect malicious behaviors. In this paper, we implement a distributed framework focusing on dynamic program analysis(DPA) for Android application based on bytecode instrumentation.Considering the multi-process runtime of Android applications as well as the lack of suitable profiling interfaces, it is challenging and difficult to apply DPA on Android. Existing analysis methods and frameworks are focusing mainly on the needs of security related issues and are neither extendable nor flexible enough to provide support for the development of generic DPA tools. Moreover, most of them care only about behaviors of individual processes and lack support for analyzing the scenario where multiple Android processes work together.In this paper we present a distributed framework that provides the fundamental support for the development of DPA tools for Android. It maintains a ShadowVM outside Android to accept user-defined analysis as well as framework-generated events, so that the analysis can be ran in the ShadowVM asynchronously in order. This design separates the analysis from original program, enforces strong isolation and reduces analysis’ s impact upon the base program. At the same, our framework provides a convenient high-level programming model and flexible instrumentation support. It also enables development of cross-platform analyses that can be applied to applications targeting the Android and Java platforms. Another great contribution of this paper is providing not only events from Dalvik Virutal Machine(DVM), but also extension of Binder library on Android to support multi-process analysis, which enriches the ability of analysis development. We implement the event buffering with Android anonymous shared memory, which enhances the performance of events transmission.We evaluate the framework with two diverse case studies, demonstrating key concepts, the flexibility of the framework, and analysis portability. The first case is to provide code coveage analysis for both JVM and DVM, revealing the great functionality and portability. The second case shows how to combine the Binder events with analysis code to detect runtime permission use of Android application. |
PDF Full Text Request