The Android runtime permission model allows users to grant or revoke permissions at runtime. To verify the robustness of mobile apps in this scenario, testing needs to cover as many permission combinations as possible. Most existing automated testing techniques for Android apps are performed only when all permissions are granted, without considering different permission combinations. Manual testing, if adopted, is a time-consuming and labor-intensive process. To address this issue, based on the Android runtime permission model, this paper studies the automated testing of permission-related behaviour of mobile apps and proposes an automated testing approach that integrates static analysis and dynamic exploration to avoid the explosion of permission combinations. In the static analysis phase, the location and permission information of permission-related API invocation statements is determined. A statement that prints a log entry is instrumented after each API invocation statement of the app. Meanwhile, a static state transition graph of the app is constructed. In the dynamic analysis phase, based on the state transition graph output by the static analysis and following the locally exhaustive permission combination strategy, permission-directed automated exploration is implemented to cover as many target API invocation statements as possible and to reveal permission-related behavioural bugs. Based on this automated testing approach, the corresponding prototype tool PermDroid is designed and implemented. In this paper, 50 real-world Android apps are selected as the experimental subjects. Three research questions, namely permission-related API invocation statement coverage, bug detection ability, and testing efficiency, are employed to evaluate PermDroid. Three popular Android app automated testing tools, namely Monkey, APE and GESDA, and three common combination testing strategies, namely All-and-None, Pairwise and Exhaustive, are used as the comparison approaches. The experimental results demonstrate the effectiveness and efficiency of PermDroid: compared with the alternative tools, PermDroid achieves a higher coverage (on average 72.38%) in 10 minutes and uncovers seven permission-related behavioural bugs, which are difficult for other automated testing tools to find in a short time. Compared with the alternative permission-aware strategies, PermDroid significantly reduces the testing time.