状态转换图制导的ARP错误检测方法  

作　　者：林高毅 崔展齐 陈翔[2] 郑丽伟[1] LIN Gao-Yi;CUI Zhan-Qi;CHEN Xiang;ZHENG Li-Wei(School of Computer Science,Beijing Information Science and Technology University,Beijing 100101,China;School of Information Science and Technology,Nantong University,Nantong 226019,China)

机构地区：[1]北京信息科技大学计算机学院,北京100101 [2]南通大学信息科学技术学院,江苏南通226019

出　　处：《软件学报》2025年第2期469-487,共19页Journal of Software

基　　金：江苏省前沿引领技术基础研究专项(BK20202001);北京信息科技大学“勤信人才”培育计划(QXTCP C201906)。

摘　　要：Android应用开发人员需要在保持应用频繁更新的同时快速检测出应用中Android运行时权限(Android runtime permission,ARP)错误.现有的Android应用自动化测试工具通常未考虑ARP机制,无法有效测试Android应用内的权限相关行为.为帮助开发人员快速检测出应用中ARP错误,提出状态转换图制导的Android应用运行时权限错误检测方法.首先,对被测应用APK文件进行权限误用分析,插桩APK文件中可能导致ARP错误的API,并对APK文件重新签名;然后,安装插桩后的APK文件,动态探索应用以生成其状态转换图(state transition graph,STG);最后,使用STG制导自动化测试,快速检测出应用中ARP错误.基于所提出方法实现原型工具RPBDroid,并与ARP错误动态检测工具SetDroid、PermDroid和传统自动化测试工具APE进行对比实验.实验结果表明,RPBDroid成功检测出17个应用中的15个ARP错误,比APE、SetDroid、PermDroid分别多14、12和14个.此外,相比于测试工具SetDroid、PermDroid和APE,RPBDroid检测ARP错误的平均用时分别减少86.42%、86.72%和86.70%.While keeping frequent application updates,Android application developers need to detect Android runtime permission(ARP)bugs as quickly as possible.Android applications cannot effectively be tested for permission-related behaviors with automated testing tools since they are rarely designed for ARP bugs.This study proposes a state transition graph guided testing approach for detecting ARP bugs in Android applications.First,it analyzes the APK file of the application under test for permission misuse,instruments the APIs that may cause ARP bugs in the APK file,and re-signs the APK file.Then,it installs the APK file and dynamically explores the application to generate its state transition graph(STG).Finally,it detects ARP bugs quickly by automated testing with the guidance of STG.To evaluate the effectiveness of the approach,the study implements a prototype tool RPBDroid and conducts comparative experiments with the ARP bug detection tools SetDroid,PermDroid,and the automated testing tool APE.The experimental results show that RPBDroid successfully detects 15 ARP bugs out of 17 applications,which detects 14,12,and 14 more ARP bugs than APE,SetDroid,and PermDroid respectively.In addition,RPBDroid reduces the average time required to detect ARP bugs by 86.42%,86.72%,and 86.70%in comparison with SetDroid,PermDroid,and APE.

关 键 词：ANDROID应用 Android运行时权限错误 权限误用 自动化测试工具 状态转换图 

分 类 号：TP311[自动化与计算机技术—计算机软件与理论]