AndroLog: Android Instrumentation and Code Coverage Analysis

Jordan Samhi, Andreas Zeller

TL;DR

Problem: Evaluating dynamic behavior of Android apps requires code coverage in black-box settings where source code is unavailable.

Approach: AndroLog provides a Soot-based, non-intrusive instrumentation framework that inserts lightweight logs across classes, methods, statements, and Android components, along with a log-processing module to generate coverage reports.

Contributions: a two-component architecture (Instrumenter and Log Processor), a three-step workflow (instrument, test, compute coverage), open-source implementation, and superior instrumentation reach (up to 98% vs 79% and 48% for baselines).

Significance: enables scalable, low-overhead dynamic analysis with minimal interference and flexible granularity, paving the way for better vulnerability and bug detection in Android apps.

Abstract

Dynamic analysis has emerged as a pivotal technique for testing Android apps, enabling the detection of bugs, malicious code, and vulnerabilities. A key metric in evaluating the efficacy of tools employed by both research and practitioner communities for this purpose is code coverage. Obtaining code coverage typically requires planting probes within apps to gather coverage data during runtime. Due to the general unavailability of source code to analysts, there is a necessity for instrumenting apps to insert these probes in black-box environments. However, the tools available for such instrumentation are limited in their reliability and require intrusive changes interfering with apps' functionalities. This paper introduces AndroLog, a novel tool developed on top of the Soot framework, designed to provide fine-grained coverage information at multiple levels, including classes, methods, statements, and Android components. In contrast to existing tools, AndroLog leaves the responsibility to test apps to analysts, and its motto is simplicity. As demonstrated in this paper, AndroLog can instrument up to 98% of recent Android apps compared to existing tools with 79% and 48% respectively for COSMO and ACVTool. AndroLog also stands out for its potential for future enhancements to increase granularity on demand. We make AndroLog available to the community and provide a video demonstration of AndroLog (see section 8).

Paper Structure (10 sections, 5 figures)

This paper contains 10 sections, 5 figures.

Figures (5)

  • Figure 1: AndroLog's Architecture. The AndroLog Instrumenter takes an app and instruments it. The AndroLog Log Processor takes the app and the logs produced by the instrumented app to generate a code coverage report.
  • Figure 2: AndroLog's Workflow. The analyst uses AndroLog to instrument an app. The analyst tests the instrumented app and collects runtime logs. The analyst uses AndroLog to generate the code coverage report.
  • Figure 3: AndroLog's Design. Instrumenter: AndroLog transforms the Dalvik bytecode of an app into Jimple and instruments it. Then, AndroLog aligns and signs the app which is ready for testing. Log Processor: AndroLog takes the original app (i.e., the non-instrumented version) and the execution logs to produce the code coverage report.
  • Figure 4: LogCheckerClass injected into apps.
  • Figure 5: Example of the instrumentation of a method.
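
The third workflow step (compute coverage from the original app plus the runtime logs), sketched as an added example; this is not AndroLog's code. The log tag, the LEVEL=id line layout, the app names and the log lines are all constructed assumptions; the point shown is that the denominator comes from the original app's probe inventory while repeated, unrelated and unknown log lines must not inflate the numerator.

```python
import re
from collections import defaultdict

# Assumed probe layout: "<logcat prefix> COVERAGE_TAG: <LEVEL>=<id>". The tag,
# level names and ids are constructed for this sketch, not AndroLog's format.
PROBE_RE = re.compile(r"\bCOVERAGE_TAG: (CLASS|METHOD|STATEMENT|COMPONENT)=(.+?)\s*$")

def parse_hits(log_lines):
    """Collect the distinct probes seen at runtime, grouped by level."""
    hits = defaultdict(set)
    for line in log_lines:
        m = PROBE_RE.search(line)
        if m:  # lines from other tags are ignored
            hits[m.group(1)].add(m.group(2))
    return hits

def coverage_report(expected, log_lines):
    """expected: {level: probe ids enumerated from the original, non-instrumented app}."""
    hits = parse_hits(log_lines)
    report = {}
    for level, probes in expected.items():
        covered = hits.get(level, set()) & probes  # ignore ids the app does not contain
        pct = round(100.0 * len(covered) / len(probes), 1) if probes else 0.0
        report[level] = {"covered": len(covered), "total": len(probes),
                         "percent": pct, "missed": sorted(probes - covered)}
    return report

ON_CREATE = "<com.example.MainActivity: void onCreate(android.os.Bundle)>"
# Constructed probe inventory for a hypothetical app.
EXPECTED = {
    "CLASS": {"com.example.MainActivity", "com.example.Sync"},
    "COMPONENT": {"com.example.MainActivity"},
    "METHOD": {ON_CREATE, "<com.example.MainActivity: void onClick(android.view.View)>",
               "<com.example.Sync: void run()>", "<com.example.Sync: void upload()>"},
    "STATEMENT": {ON_CREATE + "|1", ON_CREATE + "|2"},
}
# Constructed logcat excerpt: a repeated probe, an unrelated line, an unknown id.
SAMPLE_LOG = [
    "05-01 10:00:00.100  1234  1234 D COVERAGE_TAG: CLASS=com.example.MainActivity",
    "05-01 10:00:00.101  1234  1234 D COVERAGE_TAG: COMPONENT=com.example.MainActivity",
    "05-01 10:00:00.102  1234  1234 D COVERAGE_TAG: METHOD=" + ON_CREATE,
    "05-01 10:00:00.103  1234  1234 D COVERAGE_TAG: STATEMENT=" + ON_CREATE + "|1",
    "05-01 10:00:00.150  1234  1234 I ActivityManager: Displayed com.example/.MainActivity",
    "05-01 10:00:02.400  1234  1234 D COVERAGE_TAG: METHOD=" + ON_CREATE,
    "05-01 10:00:02.410  1234  1234 D COVERAGE_TAG: METHOD=<com.other.Lib: void init()>",
]

if __name__ == "__main__":
    for level, row in coverage_report(EXPECTED, SAMPLE_LOG).items():
        print(f"{level:<10} {row['covered']}/{row['total']} ({row['percent']}%)")
```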