Ariadnima - Android Component Flow Reconstruction and Visualization
2017 IEEE 31st International Conference on Advanced Information Networking and Applications

Dennis Titze, Konrad Weiss, Julian Schütte
{dennis.titze, konrad.weiss, julian.schuette}@aisec.fraunhofer.de

Abstract

Android applications are built with a set of different component types that serve specific purposes. Thanks to Android's system design they can interact with each other in a variety of ways, which makes it possible to complete complex tasks. The downside of the flexible interconnectivity of system components is that the relationship between them can be very complex and hard to understand. To give a better understanding of the interconnectivity of components, this work focuses on the reconstruction of relationships between the components of an app. Our approach focuses on real world applications by minimizing the need for complex calculations (e.g., flow analysis) where possible. On the basis of static code analysis, component transitions are reconstructed, and in a second step these transitions are visualized to allow an analyst to easily understand the relationships of the app's components.

Keywords. Android component transitions, component reconstruction, static analysis, visualization

I. INTRODUCTION

In recent years Android has risen to be the dominant smartphone OS with a market share of 87,6% in Q [5]. This is also reflected in the huge number of Android applications available: over 2.4 million on the Google Play store alone [10]. Android apps typically comprise many different components which interact with each other in many different ways. Although this offers flexibility for developers, it also makes it difficult to grasp the relationship between components. As a result, developers who newly enter a project can have a hard time understanding how components depend on each other.
This also makes it difficult for security analysts to uncover flaws in Android applications that emerge from the combination of different components, inside and across applications.

In Android, four different types of components (Activities, Receivers, Services and Providers) are used for four different purposes. The main components users see are activities. Activities are components that represent a visual interface to the user, which can contain sensitive application information. By reconstructing the flow of activities in an application, information on what tasks can be completed with this application can often be uncovered, which also helps in the discovery of wanted and unwanted behaviour. But since the transitions between the app's components are not obvious, the reconstruction of the transitions is helpful for understanding the app's functionality.

To solve the problem of reconstructing the transitions, existing research has already worked on Inter Component Communication (ICC) reconstruction [7]. The focus of that work was to produce a highly precise reconstruction based on dataflow analysis, which can be very time- and resource-consuming for real life applications. In contrast, our approach uses a data flow agnostic reconstruction of component transition parameters, which makes it more usable for real life applications, albeit at the price of a lower accuracy. The reconstruction of the Android Component Flow Graph (AFG) is a special form of the Inter Component Communication problem: not all ICC is relevant for our approach, since only the first communication between components starts the target component and is therefore counted as a transition. All further communication between these two components does not start any new component and is therefore not relevant in our case.

The contribution of this paper is to statically reconstruct component transitions to solve the problem of unclear application component relationships.
Transitions are defined as communication over API calls between two components, where the second component is started by the first component via this call. First, all API calls which trigger such transitions are specified. In the second step the parameters of these calls are reconstructed using backward tracking to calculate the target component. The third step is to determine the caller of the transition, which is also done by backtracking from the API call. An architecture called Ariadnima was developed for this research to reconstruct component transitions and visualize them as an Android Component Flow Graph, with a special focus on a detailed representation of the activity component.

This paper is structured as follows: Section II introduces work related to this paper, Section III details the background necessary for understanding possible component transitions and their reconstruction. Section IV shows how the transitions can be reconstructed and Section V how these can be visualized. Section VI evaluates the proposed solution, followed by a discussion in Section VII. Section VIII concludes this paper.
II. RELATED WORK

Several researchers have already worked on related topics, especially the reconstruction of intents. The static intraprocedural reconstruction of Intents by Dienst et al. [2] uses information from the AndroidManifest.xml and static analysis on top of Dalvik bytecode to reconstruct intent based application dependencies. Our approach considers a broader spectrum of functionalities that can cause component transitions and also uses an interprocedural reconstruction approach.

The most prominent approach for reconstructing Inter Component Communication is Epicc [7], which reduced intent reconstruction to an Interprocedural Distributive Environment (IDE) problem. Their approach aims at a very precise reconstruction of the possible ICC. Although their work solved a superset of the problems our approach tries to solve, the tools and approach were not considered because they used forward flow analysis, which was considered too expensive for the reconstruction of an AFG in bigger applications. As we are only interested in the starting of components itself, and not the full interaction, a full data flow analysis can be skipped. Instead, our approach reconstructs the relevant objects in the inverse direction of program execution. Epicc uses the algorithm described by Sagiv et al. [8], which has a runtime of $O(ED^3)$ ($E$ being the number of edges in the program, $D$ being the symbols), but since not all prerequisites are met the runtime of Epicc is even longer. Since we only traverse the graph once for each API call that starts a transition, our approach has a runtime of $O(ED)$.

Our approach still relates to several of the concepts, such as the ICC locations and metrics to specify reconstruction accuracy, the view on Intent filters, runtime registered receivers, URI reconstruction, and entry and exit points in the application.
Similar to Dexteroid [6], Android life cycle models and related callback methods of the four main components and other views or callbacks have been included in our approach to catch all entry points in the application's execution.

III. BACKGROUND

This section briefly describes the most important terms used in this paper:

- Inter Component Communication: The process of application components interacting with each other. This happens using specific API methods and can be done internally in an application or across components of different applications.
- Component transition: Subset of ICC where one component causes another component to become active. If that component was not started before, it will also be created.
- Call site: A call site is a location inside a function where a given method or function is invoked.

A. Application Components

Developers can extend four different component types to fulfil different tasks when building an application. To be known by the system, components have to be declared in the AndroidManifest.xml or added programmatically. Components that are implicitly or explicitly exported in the manifest are reachable by third party applications as interfaces to access some of the application's functionality or data.

1) Activities: As UI controllers, activities manage what is shown to the user and what code is executed on a user's input. The activity's callback methods and all callback methods of added View components are the beginning of code executed in this component.

2) Services: Services handle long running background tasks that should run independently of what is currently visible to the user and continuously run in the background until the task is finished or the service is stopped. They start running when they are started or bound to by other components via startService(...) or bindService(...).
3) Broadcast receivers: Broadcast receivers are components that can be implemented to handle certain broadcasts and perform actions when they are received. After their callback method onReceive(...) is called, they have only a limited time to react to the received broadcast before they are terminated, unless they are specified to run on a thread separate from the main thread.

4) Content providers: Content providers are used to provide access to the internal data of the app to other apps. Providers offer a safer and more secure interface to the data, providing create, request, update and delete operations (CRUD interface) by overriding the respective methods of the ContentProvider class. The content provider's CRUD methods are the callback methods that start the provider.

B. Component lifecycle

Every component type has a specific life cycle that is managed by Android. The Android system changes the life cycle state of a specific component and notifies the component by invoking one of its callback methods. These callback methods are the start of every execution path that occurs in the application. If a component is exported to other applications, the callback methods represent entry points into the application.

C. Component transitions

In Android, certain functions on certain objects trigger the system to start a new component. Those functions are the transition points from one component to another. The functions and the objects they are executed on may already specify the component type that is started. Intent objects for Activity, Receiver or Service components and URIs for Providers are then used as parameters to further specify the transition's target.

1) Intents and Intent filters: Several functions use Intent objects as parameters such that the underlying messaging system can identify the transition target. When intents are used in a transition, the target component name can be set explicitly, making it an explicit intent. Otherwise, the intent is implicit and can specify four types of information to limit which components Android will deliver it to. An action string specifies which task a resolved component should be able to perform. A data URI and/or MIME type can be specified so that the resulting component has to handle certain data. One or more intent categories further limit the intent according to certain context information. Finally, the transition can be limited to a component with a certain package name. Every component that wants to receive implicit intents has to tell the Android system which Intents can be delivered to it by specifying one or multiple intent filters. Action strings, categories, data URIs and types can be set for every Intent filter statically in the AndroidManifest.xml or dynamically during runtime.

2) Further transitions: Other actions can also result in component transitions:

- Intent Sender: can be used to directly cause an intent based transition. The IntentSender object contains an Intent to be sent, an action to be performed with the Intent and the identity of the creating application. IntentSender instances cannot be created directly, but have to be retrieved from an instance of PendingIntent.
- Pending Intents: To allow the delegation of intents to other applications, Android allows the creation of pending intents. These are wrappers for IntentSender objects created from an Intent and designed to be handed over to third-party applications. Every application, creator or recipient of the object, can trigger a transition by using the object's send methods.
- Activity Hierarchy: Every activity can declare a parent activity in the AndroidManifest.xml. If that activity is visible when the navigate Up button is pressed by the user, Android's default behaviour is to start the parent activity, causing an additional type of component transition.

D. Exported components

Several of the internal components may be exported in the AndroidManifest.xml to make them reachable (i.e., startable or callable) by components of other applications. Their exported status can be explicitly set by setting the android:exported attribute to true or false. If the flag is not set, implicit rules are applied: Activities, Receivers and Services are implicitly exported if they have specified an intent filter. Providers were implicitly exported until Android 4.2 and were then changed to be exported only if the attribute android:exported is set to true.

IV. TRANSITION RECONSTRUCTION

Figure 1: The six main phases of the AFG generation

Table I: Example Functions Starting an Activity Using Intents

| Base class | Return type | Function |
|---|---|---|
| Context | void | startActivity(Intent i, ...) |
| Context | void | startActivities(Intent[] i, ...) |
| Activity | void | startActivity(Intent i, ...) |
| Activity | void | startActivities(Intent[] i, ...) |
| Activity | void | startActivityForResult(Intent i, ...) |

Figure 1 shows the steps needed for reconstructing an Android Component Call Graph. Steps 1 and 2 are the preparation of the app, which is done using the analysis framework Soot [9]. Step 3 determines the target of the component transition, and Step 4 determines the source of the transition. The targets and sources are then condensed into a graph in Step 5. To make the result more comprehensive, a dynamic analysis step generates screenshots of all activities of the app.

A. Argument Reconstruction - Callee Determination

The first step to reconstruct the transition is to find the line of code which starts it. For each of the components described in Section III-A, many API calls exist which start such a transition.
Therefore, the Android Developer Documentation [3] and the Android Source Code [4] were searched for any API call which starts such a transition. Some example transitions for Activities are listed in Table I.

To find the component that will be the target of a component transition, the arguments going into the API call that starts the transition have to be reconstructed. Our approach reconstructs objects backwards from the API call where they are used by traversing all possible intra- and interprocedural execution paths. The objects used as arguments for the transition starting API call are primarily String, Class and ComponentName objects. These are reconstructed in this step. The objects can be used directly as arguments for the call sites or to define the content of an Intent. Ariadnima reconstructs them interprocedurally to get more defining values for the call sites, but ignores intraprocedural data and control flows (DC-agnostic) to get a faster reconstruction at the price of an overapproximation.

Figure 2: Code Example of Activity Transition

When the reconstruction of one of these objects is started, Ariadnima searches for all defining assignment units, or units where those objects are used for an invocation, and resumes reconstructing them there. Due to the DC-agnostic analysis, this can cause unused values to be part of the final set of assumed values for that object. An example is shown in Listing 1: the String reference is assigned multiple string constants which overwrite each other. Only the last assigned string will be valid, but the analysis will consider all of them as valid, therefore overapproximating the possible targets.

    String str = "Activity1";
    str = "Activity2";
    startTransitionWithString(str);

Listing 1: Overapproximated String

B. Caller Determination

Until now, the possible contents of objects that go into transition-causing API calls were reconstructed and sets of possible target components for those transitions were defined. That leaves the analysis with reconstructing the source components. As explained in Section III-B, the components of an app are managed by the Android system. For all components, several functions exist which can be called by the Android system at certain times during the app's lifecycle. For example, the function onCreate() of an activity is started as the activity is created. To determine possible callers, the call graph is traversed backwards from the call site to search for any such functions started by the Android system. Since the calls can originate in different classes of the app, a simple lookup of the current function is not sufficient, and the full backward analysis of the call graph is needed. The result of the caller determination is a list of components which can, if a certain call path is executed, lead to the transition to the other component.
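The argument reconstruction and caller determination described above can be sketched on a toy program. This is an added example, not Ariadnima's code and not the paper's Figure 2: the statement format, the program, all class names and the choice to combine every source with every target of a call site are assumptions made for illustration.

```python
from collections import deque

# Assumed, abbreviated lists; the paper derives the real ones from the Android docs/source.
TRANSITION_APIS = {"startActivity", "startService", "sendBroadcast"}
LIFECYCLE_METHODS = {"onCreate", "onStartCommand", "onReceive"}

# Constructed toy program. Statement forms (hypothetical mini-IR):
#   ("const", var, value)   var = "value"
#   ("copy",  dst, src)     dst = src
#   ("param", var, index)   var = index-th parameter of the method
#   ("call",  callee, args) call into another app method
#   ("api",   name, args)   call to an Android API
PROGRAM = {
    "MainActivity.onCreate": [
        ("const", "name", "SecondActivity"),
        ("const", "name", "SettingsActivity"),  # overwrites the line above at run time
        ("call", "Navigator.open", ["name"]),
    ],
    "SyncService.onStartCommand": [
        ("const", "t", "LoginActivity"),
        ("call", "Navigator.open", ["t"]),
    ],
    "Navigator.open": [
        ("param", "target", 0),
        ("copy", "intentTarget", "target"),
        ("api", "startActivity", ["intentTarget"]),
    ],
    "Unused.helper": [  # never reached from any lifecycle method
        ("const", "x", "DebugActivity"),
        ("api", "startActivity", ["x"]),
    ],
}


def call_sites(program, callee):
    """Yield (caller_method, argument_list) for every call to `callee`."""
    for method, body in program.items():
        for stmt in body:
            if stmt[0] == "call" and stmt[1] == callee:
                yield method, stmt[2]


def possible_values(program, method, var, seen=None):
    """Backward, DC-agnostic reconstruction: every definition of `var` in the
    method counts, regardless of statement order or branching."""
    seen = set() if seen is None else seen
    if (method, var) in seen:          # guard against cyclic definitions
        return set()
    seen.add((method, var))
    values = set()
    for stmt in program[method]:
        kind = stmt[0]
        if kind == "const" and stmt[1] == var:
            values.add(stmt[2])
        elif kind == "copy" and stmt[1] == var:
            values |= possible_values(program, method, stmt[2], seen)
        elif kind == "param" and stmt[1] == var:
            # Interprocedural step: continue in every caller of this method.
            for caller, args in call_sites(program, method):
                values |= possible_values(program, caller, args[stmt[2]], seen)
    return values


def source_components(program, method):
    """Walk the call graph backwards until lifecycle methods are reached and
    return the classes that contain them."""
    sources, queue, visited = set(), deque([method]), {method}
    while queue:
        current = queue.popleft()
        cls, name = current.rsplit(".", 1)
        if name in LIFECYCLE_METHODS:
            sources.add(cls)
        for caller, _ in call_sites(program, current):
            if caller not in visited:
                visited.add(caller)
                queue.append(caller)
    return sources


def reconstruct(program):
    """One record per transition-starting API call site."""
    report = []
    for method, body in program.items():
        for stmt in body:
            if stmt[0] == "api" and stmt[1] in TRANSITION_APIS:
                report.append({
                    "site": method,
                    "api": stmt[1],
                    "targets": possible_values(program, method, stmt[2][0]),
                    "sources": source_components(program, method),
                })
    return report


def edges(report):
    """Graph edges: every source combined with every target of a call site."""
    return sorted((s, r["api"], t)
                  for r in report for s in r["sources"] for t in r["targets"])


if __name__ == "__main__":
    for edge in edges(reconstruct(PROGRAM)):
        print(" -> ".join(edge))
```

The shared `Navigator.open` call site yields six edges, including `MainActivity` to `LoginActivity`, which no execution produces, while the call site in `Unused.helper` has a target but no source and therefore contributes no edge.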
As the caller determination is only a static analysis, the call path might not be executed during runtime (e.g., if certain conditions are never met, which could not be determined statically).

C. Activity flow graph construction

After collecting valid targets and sources for the defined API call sites, the graph is built. First, the construction adds all internal components as nodes. Then the construction iterates over all edges and adds both the internal edges between the app's components to the graph and all external edges (e.g., an Intent which would start a component of another app) to nodes representing the externally started components.

D. Example

Figure 2 shows an example of an app containing two Activities, MainActivity and SecondActivity.

1) The first step searches through all code locations for an API call which can initiate a component transition. In our example, only the API call startActivity(intent) is found.

2) As the value of intent is not known at this location, the Argument Reconstruction phase performs a backward search for all possible values of intent. As described in Section IV-A, this phase only performs a DC-agnostic search. In this example the search yields the value SecondActivity.class as a possible target of the transition.

3) In the next step, the caller of the transition is reconstructed by reversing the call graph until all lifecycle methods which can lead to this call site are found. The classes containing those lifecycle methods are the possible callers of the transition. In this example, the call graph is traversed backwards to the function onCreate, which is a lifecycle function. The class MainActivity containing this function is therefore one possible caller of the transition.

The algorithm therefore determined that there is a possible component transition from the activity MainActivity to the activity SecondActivity using the API function startActivity(intent).

Figure 3: Graph showing incoming and outgoing paths to one component

V. VISUALIZATION

The result of the previous analysis phase is a textual representation of all nodes, connecting edges and meta information, including the type of edge, which Intent resulted in which transition, etc. Additionally, the activities of the app are started to capture a screenshot of each activity. In many cases the screenshot reveals the intention of the activity to an analyst. For example, it might be easy to distinguish a settings activity from a terms-of-service activity.

For visualization, this data can be presented to the analyst using many different readily available tools. For our visualization, the network graph component of visjs [1] was used to display the graph. Figure 3 shows such a graph of an example app. This graph shows different named activities and the connections between them. The graph also shows an external Intent com.google.android.c2dm.intent.REGISTER which will be sent from the app to the Android system, which then forwards it to any app registered for the Intent.

Further optimizations to simplify the resulting graph were implemented, including merging of identical edges (i.e., an activity starts the same other activity in different code locations) and a configurable hiding of certain edges (e.g., hiding of all internal edges to only show which external components the app tries to start).

VI. EVALUATION

For the evaluation, 100 apps from Google Play's newest and most-popular category were randomly selected (in March 2016). The apps ranged in size between 380kB and 50MB (average: 14.9MB). The evaluation was done on a virtual machine with 16 gigabytes of memory and 4 CPU cores. The timeout for the Soot Call Graph construction and code parsing phase was set to two hours. If Soot stopped due to the timeout, the Android Component Flow Graph was not further reconstructed.
This was the case for 5 apps, which were excluded from the following time measurements.

A. Reconstructed transitions

To measure the completeness of the target reconstruction process, a metric similar to the measurements in Epicc [7] is used. After the reconstruction process, which started with a set of call sites our tool considered relevant, the ratio of call sites where at least some target information was found to the original set of call sites is calculated. This metric does not perfectly reflect the accuracy of the reconstruction, as the number of different pieces of target information going into one call site is neither measured nor known. Additionally, the metric only counts the API call sites that were considered in the analysis, so transitions missed because an API function was not considered have no influence on the measurement.

After the analysis, 54% of the initial call sites had some reconstructed target information, and for 47% of all processed call sites not only target information was found, but at least one source component could be identified. Those 47% of call sites will have edges in the resulting Activity flow graph.

B. Runtime

Table II: Median Runtimes of the Reconstruction Phases

| Phases | Unpacking | Screenshots | Soot | Targets | Sources | AFG | Total |
|---|---|---|---|---|---|---|---|
| Time (s) | | | | | | | |
| Relative (%) | | | | | | | |

Table II shows the median time spent in the different phases and the median total time. The runtime evaluation shows that the main effort for the static analysis is spent in the preparation phase (Soot). Reconstructing the targets and sources and the resulting graph takes much less time. Another big part of the runtime is the screenshot phase, where a screenshot of each app is taken using a virtual device. This could be further improved, e.g., by using a real device instead of a virtual one.

VII. DISCUSSION

The approach of this work allows the reconstruction of the parameters needed for target reconstruction. As new Android versions often introduce new API functions, the analysis is specific to one Android version. For any other version, all possible transition API functions need to be identified and added to the tool. If new parameters need to be reconstructed, their reconstruction needs to be added to the tool as well.

The main analysis is based upon Soot, which, e.g., produces the Call Graph. Soot currently does not analyse any native code, which is therefore also not analysed in our tool. Further, the analysis of Ariadnima is dependent on the precision of the Call Graph produced by Soot. This Call Graph does not, e.g., include calls made using Java Reflection.

As Ariadnima uses a DC-agnostic approach to reconstruct the arguments of a transition, the resulting Android Component Flow Graph lacks precision compared to other approaches (although at the big benefit of a much lower complexity). In the future we plan to increase the reconstruction precision in those cases where the resulting graph will most benefit from the higher precision, e.g., by performing flow analysis on very limited parts of the code. The evaluation showed that the taking of screenshots consumes a lot of time, which will be further improved in the future.

VIII. CONCLUSION

The goal of this work was to build a tool to reconstruct an Android Component Flow Graph representing the direct and indirect transitions between components in an application, and the transitions into the Android system. The focus of our work was not to have a graph which is as precise as possible, but to have an approach capable of analysing real life applications. To achieve this, several simplifications were used in the approach, mainly a data and call graph agnostic reconstruction of transition call arguments. The second focus of the work was to generate a meaningful visualization, which was realized by capturing screenshots of all activities and representing the graph with all connected components and their screenshots.

An evaluation of Ariadnima has shown that, although it is practical in terms of runtime for real apps, the data and call graph agnostic reconstruction of transition call arguments results in several missed transitions. In our tests, 47% of the transitions were recovered. An analyst therefore needs to decide whether a high precision is needed, which requires a resource intensive data flow analysis, or whether missing several transitions is acceptable. In the latter case, Ariadnima can provide a sufficient solution.

REFERENCES

[1] vis.js - A dynamic, browser based visualization library.
[2] S. Dienst and T. Berger. Static Analysis of App Dependencies in Android Bytecode. 0:1 10,
[3] Google Inc. Android Developer Documentation.
[4] Google Inc. Android Open Source Project.
[5] IDC. Smartphone OS Market Share, 2016 Q2.
[6] M. Junaid, D. Liu, and D. Kung. Dexteroid: Detecting Malicious Behaviors in Android Apps Using Reverse-Engineered Life Cycle Models
[7] D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. L. Traon. Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis. USENIX Security Symposium, pages ,
[8] M. Sagiv, T. Reps, and S. Horwitz. Precise interprocedural dataflow analysis with applications to constant propagation. Theoretical Computer Science, 167(1): ,
[9] T. U. D. Secure Software Engineering Group. A framework for analyzing and transforming Java and Android Applications.
[10] Statista. Google Play Store Statistics September
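The export rules of Section III-D decide which components are entry points for other applications, so they are worth checking before reading a component flow graph. The following is an added example, not part of the paper or of Ariadnima; the manifest, its package and component names, and the `providers_default_exported` switch (standing for the pre-Android-4.2 provider behaviour the paper mentions) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_EXPORTED = f"{{{ANDROID_NS}}}exported"
ATTR_NAME = f"{{{ANDROID_NS}}}name"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest (decoded XML form, as in the app's source tree).
MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity"/>
    <activity android:name=".ShareActivity" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.SEND"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.app.notes"/>
  </application>
</manifest>
"""


def exported_components(manifest_xml, providers_default_exported=False):
    """Return {component name: (type, exported, reason)} using the rules of
    Section III-D: the explicit attribute wins; otherwise activities, services
    and receivers are exported when they declare an intent filter, and
    providers fall back to the platform default passed in by the caller."""
    root = ET.fromstring(manifest_xml)
    application = root.find("application")
    result = {}
    if application is None:
        return result
    for elem in application:
        if elem.tag not in COMPONENT_TAGS:
            continue
        flag = elem.get(ATTR_EXPORTED)
        if flag is not None:
            exported, reason = flag.strip().lower() == "true", "explicit attribute"
        elif elem.tag == "provider":
            exported, reason = providers_default_exported, "provider default"
        else:
            has_filter = elem.find("intent-filter") is not None
            exported = has_filter
            reason = "intent filter" if has_filter else "no intent filter"
        result[elem.get(ATTR_NAME)] = (elem.tag, exported, reason)
    return result


def entry_points(manifest_xml, providers_default_exported=False):
    """Names of components that other applications can start or call."""
    components = exported_components(manifest_xml, providers_default_exported)
    return sorted(name for name, (_, exported, _) in components.items() if exported)


if __name__ == "__main__":
    for name, (kind, exported, reason) in exported_components(MANIFEST).items():
        print(f"{kind:9} {name:18} exported={exported} ({reason})")
```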
More informationANDROID SERVICES, BROADCAST RECEIVER, APPLICATION RESOURCES AND PROCESS
ANDROID SERVICES, BROADCAST RECEIVER, APPLICATION RESOURCES AND PROCESS 1 Instructor: Mazhar Hussain Services A Service is an application component that can perform long-running operations in the background
More informationMobile Computing. Introduction to Android
Mobile Computing Introduction to Android Mobile Computing 2011/2012 What is Android? Open-source software stack for mobile devices OS, middleware and key applications Based upon a modified version of the
More informationExtended Dataflow Model For Automated Parallel Execution Of Algorithms
Extended Dataflow Model For Automated Parallel Execution Of Algorithms Maik Schumann, Jörg Bargenda, Edgar Reetz and Gerhard Linß Department of Quality Assurance and Industrial Image Processing Ilmenau
More informationAutomated Generation of Event-Oriented Exploits in Android Hybrid Apps
Automated Generation of Event-Oriented Exploits in Android Hybrid Apps Guangliang Yang, Jeff Huang, and Guofei Gu *Secure Communication and Computer Systems Lab Texas A&M University In Android, the hybrid
More informationANDROID SYLLABUS. Advanced Android
Advanced Android 1) Introduction To Mobile Apps I. Why we Need Mobile Apps II. Different Kinds of Mobile Apps III. Briefly about Android 2) Introduction Android I. History Behind Android Development II.
More informationWeiss Chapter 1 terminology (parenthesized numbers are page numbers)
Weiss Chapter 1 terminology (parenthesized numbers are page numbers) assignment operators In Java, used to alter the value of a variable. These operators include =, +=, -=, *=, and /=. (9) autoincrement
More informationTowards Verifying Android Apps for the Absence of No-Sleep Energy Bugs
Towards Verifying Android Apps for the Absence of No-Sleep Energy Bugs Panagiotis Vekris Ranjit Jhala, Sorin Lerner, Yuvraj Agarwal University of California, San Diego 1 2 Software Energy Bugs 3 Software
More informationCS 370 Android Basics D R. M I C H A E L J. R E A L E F A L L
CS 370 Android Basics D R. M I C H A E L J. R E A L E F A L L 2 0 1 5 Activity Basics Manifest File AndroidManifest.xml Central configuration of Android application Defines: Name of application Icon for
More informationAndroid Online Training
Android Online Training IQ training facility offers Android Online Training. Our Android trainers come with vast work experience and teaching skills. Our Android training online is regarded as the one
More informationAndroid Programming - Jelly Bean
1800 ULEARN (853 276) www.ddls.com.au Android Programming - Jelly Bean Length 5 days Price $4235.00 (inc GST) Overview This intensive, hands-on five-day course teaches programmers how to develop activities,
More informationSummarizing Control Flow of Callbacks for Android API Methods
Summarizing Control Flow of Callbacks for Android API Methods Danilo Dominguez Perez and Wei Le Iowa State University {danilo0, weile}@iastate.edu ABSTRACT Ensuring the reliability and security of Android
More informationAtelier Java - J1. Marwan Burelle. EPITA Première Année Cycle Ingénieur.
marwan.burelle@lse.epita.fr http://wiki-prog.kh405.net Plan 1 2 Plan 3 4 Plan 1 2 3 4 A Bit of History JAVA was created in 1991 by James Gosling of SUN. The first public implementation (v1.0) in 1995.
More information1. GOALS and MOTIVATION
AppSeer: Discovering Interface Defects among Android Components Vincenzo Chiaramida, Francesco Pinci, Ugo Buy and Rigel Gjomemo University of Illinois at Chicago 4 September 2018 Slides by: Vincenzo Chiaramida
More informationProgramming with Android: Activities and Intents. Dipartimento di Informatica Scienza e Ingegneria Università di Bologna
Programming with Android: Activities and Intents Luca Bedogni Marco Di Felice Dipartimento di Informatica Scienza e Ingegneria Università di Bologna Outline What is an intent? Intent description Handling
More informationActivities and Fragments
Activities and Fragments 21 November 2017 Lecture 5 21 Nov 2017 SE 435: Development in the Android Environment 1 Topics for Today Activities UI Design and handlers Fragments Source: developer.android.com
More informationInteroperation of tasks
Operating systems (vimia219) Interoperation of tasks Tamás Kovácsházy, PhD 4 th topic, Implementation of tasks, processes and threads Budapest University of Technology and Economics Department of Measurement
More informationMC Android Programming
MC1921 - Android Programming Duration: 5 days Course Price: $3,395 Course Description Android is an open source platform for mobile computing. Applications are developed using familiar Java and Eclipse
More informationLecture 1 Introduction to Android. App Development for Mobile Devices. App Development for Mobile Devices. Announcement.
CSCE 315: Android Lectures (1/2) Dr. Jaerock Kwon App Development for Mobile Devices Jaerock Kwon, Ph.D. Assistant Professor in Computer Engineering App Development for Mobile Devices Jaerock Kwon, Ph.D.
More informationActivities. https://developer.android.com/guide/components/activities.html Repo: https://github.com/karlmorris/basicactivities
Activities https://developer.android.com/guide/components/activities.html Repo: https://github.com/karlmorris/basicactivities Overview What is an Activity Starting and stopping activities The Back Stack
More informationJava for Programmers Course (equivalent to SL 275) 36 Contact Hours
Java for Programmers Course (equivalent to SL 275) 36 Contact Hours Course Overview This course teaches programmers the skills necessary to create Java programming system applications and satisfies the
More informationClass Analysis for Testing of Polymorphism in Java Software
Class Analysis for Testing of Polymorphism in Java Software Atanas Rountev Ana Milanova Barbara G. Ryder Rutgers University, New Brunswick, NJ 08903, USA {rountev,milanova,ryder@cs.rutgers.edu Abstract
More informationEMBEDDED SYSTEMS PROGRAMMING Application Basics
EMBEDDED SYSTEMS PROGRAMMING 2015-16 Application Basics APPLICATIONS Application components (e.g., UI elements) are objects instantiated from the platform s frameworks Applications are event driven ( there
More informationAndroid Programming (5 Days)
www.peaklearningllc.com Android Programming (5 Days) Course Description Android is an open source platform for mobile computing. Applications are developed using familiar Java and Eclipse tools. This Android
More informationPScout: Analyzing the Android Permission Specification. Kathy Wain Yee Au
PScout: Analyzing the Android Permission Specification by Kathy Wain Yee Au A thesis submitted in conformity with the requirements for the degree of Master of Applied Science Graduate Department of Electrical
More informationCS 193A. Multiple Activities and Intents
CS 193A Multiple Activities and Intents This document is copyright (C) Marty Stepp and Stanford Computer Science. Licensed under Creative Commons Attribution 2.5 License. All rights reserved. Multiple
More informationCS378 -Mobile Computing. Intents
CS378 -Mobile Computing Intents Intents Allow us to use applications and components that are part of Android System and allow other applications to use the components of the applications we create Examples
More informationGenerating Predicate Callback Summaries for the Android Framework
Generating Predicate Callback Summaries for the Android Framework Danilo Dominguez Perez and Wei Le Iowa State Univeristy {danilo0,weile}@iastate.edu arxiv:703.08902v3 [cs.se] 29 Mar 207 Abstract One of
More informationMobile Application Development Android
Mobile Application Development Android Lecture 3 MTAT.03.262 Satish Srirama satish.srirama@ut.ee Android Lecture 2 - recap Views and Layouts Events Basic application components Activities Intents 9/15/2014
More informationATC Android Application Development
ATC Android Application Development 1. Android Framework and Android Studio b. Android Platform Architecture i. Linux Kernel ii. Hardware Abstraction Layer(HAL) iii. Android runtime iv. Native C/C++ Libraries
More informationITG Software Engineering
Android Security Course ID: Page 1 Last Updated 12/15/2014 Android Security ITG Software Engineering Course Overview: This 5 day course covers the Android architecture, the stack, and primary building
More informationServices. service: A background task used by an app.
CS 193A Services This document is copyright (C) Marty Stepp and Stanford Computer Science. Licensed under Creative Commons Attribution 2.5 License. All rights reserved. Services service: A background task
More informationThe Open Mobile Provisioning API
The Open Mobile Provisioning API V E R S I O N 3. 2 J U N E 2 0 1 4 Corporate Headquarters ipass Inc. 3800 Bridge Parkway Redwood Shores, CA 94065 USA www.ipass.com +1 650-232-4100 +1 650-232-0227 fx TABLE
More informationNational College of Ireland BSc in Computing 2015/2016. Mahmoud Azzam LocalDeal. Final Report
National College of Ireland BSc in Computing 2015/2016 Mahmoud Azzam 13110241 X13110241@student.ncirl.ie LocalDeal Final Report Table of Contents Table of Contents Executive Summary... 4 1 Introduction...
More informationAndroid Application Development
Android Application Development Course Code: AND-401 Version 7 (Nougat) 2016 Android ATC Published by: Android ATC Fourth Printing: December 2016. First Printing: October 2013. ISBN: 978-0-9900143-8-6
More informationWHOLE-SYSTEM ANALYSIS FOR UNDERSTANDING PUBLICLY ACCESSIBLE FUNCTIONS IN ANDROID
WHOLE-SYSTEM ANALYSIS FOR UNDERSTANDING PUBLICLY ACCESSIBLE FUNCTIONS IN ANDROID Nguyen Huu Hoang () (2) *, Lingxiao Jiang (2), Quan Thanh Tho () () Ho Chi Minh City University of Technology, Viet Nam
More informationAP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS
AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS PAUL L. BAILEY Abstract. This documents amalgamates various descriptions found on the internet, mostly from Oracle or Wikipedia. Very little of this
More informationD WSMO Data Grounding Component
Project Number: 215219 Project Acronym: SOA4All Project Title: Instrument: Thematic Priority: Service Oriented Architectures for All Integrated Project Information and Communication Technologies Activity
More informationDynamic Detection of Inter- Application Communication Vulnerabilities in Android. Daniel Barton
Dynamic Detection of Inter- Application Communication Vulnerabilities in Android Daniel Barton Authors/Paper Metadata Roee Hay IBM Security Omer Tripp IBM T.J. Watson Research Center Marco Pistoia IBM
More informationMobile Application Development Android
Mobile Application Development Android Lecture 3 MTAT.03.262 Satish Srirama satish.srirama@ut.ee Android Lecture 2 - recap Views and Layouts Events Basic application components Activities Intents 9/22/2017
More informationInspirel. YAMI4 Requirements. For YAMI4Industry, v page 1
YAMI4 Requirements For YAMI4Industry, v.1.3.1 www.inspirel.com info@inspirel.com page 1 Table of Contents Document scope...3 Architectural elements...3 Serializer...3 Socket...3 Input buffer...4 Output
More informationSoftware Practice 3 Today s lecture Today s Task
1 Software Practice 3 Today s lecture Today s Task Prof. Hwansoo Han T.A. Jeonghwan Park 43 2 MULTITHREAD IN ANDROID 3 Activity and Service before midterm after midterm 4 Java Thread Thread is an execution
More informationClass 6. Review; questions Assign (see Schedule for links) Slicing overview (cont d) Problem Set 3: due 9/8/09. Program Slicing
Class 6 Review; questions Assign (see Schedule for links) Slicing overview (cont d) Problem Set 3: due 9/8/09 1 Program Slicing 2 1 Program Slicing 1. Slicing overview 2. Types of slices, levels of slices
More informationInformatica PIM. Functional Overview. Version: Date:
Informatica PIM Functional Overview Version: Date: 8 March 18, 2014 Table of Contents Process Overview 3 Supplier Invitation 3 User Roles 3 Data Upload 4 Management of Import Mappings 5 Validation Rules
More informationDesigning Web Applications: Lessons from SAS User Interface Analysts Todd Barlow, SAS Institute Inc., Cary, NC
Designing Web Applications: Lessons from SAS User Interface Analysts Todd Barlow, SAS Institute Inc., Cary, NC ABSTRACT Web application user interfaces combine aspects of non-web GUI design and Web site
More informationandroid application development CONTENTS 1.1 INTRODUCTION TO O ANDROID OPERATING SYSTEM... TURES Understanding the Android Software Stack...
Contents android application development FOR m.tech (jntu - h) i semester - CSE, ii semester - WEB TECHNOLOGIES CONTENTS i UNIT - I [CH. H. - 1] ] [INTRODUCTION TO ANDROID OPERATING SYSTEM]... 1.1-1.32
More informationCross-platform daemonization tools.
Cross-platform daemonization tools. Release 0.1.0 Muterra, Inc Sep 14, 2017 Contents 1 What is Daemoniker? 1 1.1 Installing................................................. 1 1.2 Example usage..............................................
More informationAndroid App Development
Android App Development Course Contents: Android app development Course Benefit: You will learn how to Use Advance Features of Android with LIVE PROJECTS Original Fees: 15000 per student. Corporate Discount
More informationOn Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis
On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis Michael Backes, Sven Bugiel, Erik Derr, Patrick McDaniel, Damien Octeau, and Sebastian Weisgerber
More informationOn Understanding Permission Usage Contextuality in Android Apps
On Understanding Permission Usage Contextuality in Android Apps Md Zakir Hossen and Mohammad Mannan Concordia Institute of Information Systems Engineering Concordia University, Montreal, Canada {m osssen,mmannan}@ciise.concordia.ca
More informationCommunication. Distributed Systems Santa Clara University 2016
Communication Distributed Systems Santa Clara University 2016 Protocol Stack Each layer has its own protocol Can make changes at one layer without changing layers above or below Use well defined interfaces
More informationTongbo Luo Cong Zheng Zhi Xu Xin Ouyang ANTI-PLUGIN: DON T LET YOUR APP PLAY AS AN ANDROID PLUGIN
Tongbo Luo Cong Zheng Zhi Xu Xin Ouyang ANTI-PLUGIN: DON T LET YOUR APP PLAY AS AN ANDROID PLUGIN Bio Black Hat Veteran. Principle Security Researcher @ PANW. Mobile Security - Discover Malware - Android
More informationRipple: Reflection Analysis for Android Apps in Incomplete Information Environments
Ripple: Reflection Analysis for Android Apps in Incomplete Information Environments Yifei Zhang, Tian Tan, Yue Li and Jingling Xue Programming Languages and Compilers Group University of New South Wales
More informationIntents and Intent Filters
Intents and Intent Filters Intent Intent is an messaging object. There are three fundamental use cases: Starting an activity: Intent intent = new Intent(this, SecondActivity.class); startactivity(intent);
More informationOSC. Simplification. Asset Store Description 2 Underlying Concepts 3 Getting started 4
OSC Simplification Manual Version 1.2 Asset Store Description 2 Underlying Concepts 3 Getting started 4 How to receive without scripting 4 How to send almost without scripting 5 How to receive using scripting
More informationBEAAquaLogic. Service Bus. Interoperability With EJB Transport
BEAAquaLogic Service Bus Interoperability With EJB Transport Version 3.0 Revised: February 2008 Contents EJB Transport Introduction...........................................................1-1 Invoking
More informationBuilding User Interface for Android Mobile Applications II
Building User Interface for Android Mobile Applications II Mobile App Development 1 MVC 2 MVC 1 MVC 2 MVC Android redraw View invalidate Controller tap, key pressed update Model MVC MVC in Android View
More information2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions
2 Lecture Embedded System Security A.-R. Sadeghi, @TU Darmstadt, 2011-2014 Android Security Extensions App A Perm. P 1 App B Perm. P 2 Perm. P 3 Kirin [2009] Reference Monitor Prevents the installation
More informationAndroid Application Sandbox. Thomas Bläsing DAI-Labor TU Berlin
Android Application Sandbox Thomas Bläsing DAI-Labor TU Berlin Agenda Introduction What is Android? Malware on smartphones Common countermeasures on the Android platform Use-Cases Design Conclusion Summary
More informationACTIVITY, FRAGMENT, NAVIGATION. Roberto Beraldi
ACTIVITY, FRAGMENT, NAVIGATION Roberto Beraldi Introduction An application is composed of at least one Activity GUI It is a software component that stays behind a GUI (screen) Activity It runs inside the
More informationUsing DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps
Using DidFail to Analyze Flow of Sensitive Information in Sets of Android Apps Will Klieber*, Lori Flynn*, Amar Bhosale, Limin Jia, and Lujo Bauer *presenting June 2015 Copyright 2015 Carnegie Mellon University
More informationUnCovert: Evaluating thermal covert channels on Android systems. Pascal Wild
UnCovert: Evaluating thermal covert channels on Android systems Pascal Wild August 5, 2016 Contents Introduction v 1: Framework 1 1.1 Source...................................... 1 1.2 Sink.......................................
More informationAnother difference is that the kernel includes only the suspend to memory mechanism, and not the suspend to hard disk, which is used on PCs.
9. Android is an open-source operating system for mobile devices. Nowadays, it has more than 1.4 billion monthly active users (statistic from September 2015) and the largest share on the mobile device
More informationInformation-Flow Analysis of Android Applications in DroidSafe
Information-Flow Analysis of Android Applications in DroidSafe Michael I. Gordon, Deokhwan Kim, Jeff Perkins, and Martin Rinard MIT CSAIL Limei Gilham Kestrel Institute Nguyen Nguyen Global InfoTek, Inc.
More informationEMBEDDED SYSTEMS PROGRAMMING Android Services
EMBEDDED SYSTEMS PROGRAMMING 2016-17 Android Services APP COMPONENTS Activity: a single screen with a user interface Broadcast receiver: responds to system-wide broadcast events. No user interface Service:
More informationMultiple Activities. Many apps have multiple activities
Intents Lecture 7 Multiple Activities Many apps have multiple activities An activity A can launch another activity B in response to an event The activity A can pass data to B The second activity B can
More informationPointer Analysis in the Presence of Dynamic Class Loading. Hind Presented by Brian Russell
Pointer Analysis in the Presence of Dynamic Class Loading Martin Hirzel, Amer Diwan and Michael Hind Presented by Brian Russell Claim: First nontrivial pointer analysis dealing with all Java language features
More informationF O U N D A T I O N. OPC Unified Architecture. Specification. Part 1: Concepts. Version 1.00
F O U N D A T I O N Unified Architecture Specification Part 1: Concepts Version 1.00 July 28, 2006 Unified Architecture, Part 1 iii Release 1.00 CONTENTS Page FOREWORD... vi AGREEMENT OF USE... vi 1 Scope...
More informationOSEK/VDX. Communication. Version January 29, 2003
Open Systems and the Corresponding Interfaces for Automotive Electronics OSEK/VDX Communication Version 3.0.1 January 29, 2003 This document is an official release and replaces all previously distributed
More informationAutomatic Reconstruction of the Underlying Interaction Design of Web Applications
Automatic Reconstruction of the Underlying Interaction Design of Web Applications L.Paganelli, F.Paternò C.N.R., Pisa Via G.Moruzzi 1 {laila.paganelli, fabio.paterno}@cnuce.cnr.it ABSTRACT In this paper
More informationAndroid. Operating System and Architecture. Android. Screens. Main features
Android Android Operating System and Architecture Operating System and development system from Google and Open Handset Alliance since 2008 At the lower level is based on the Linux kernel and in a higher
More informationIntroduction to Android
Introduction to Android Ambient intelligence Teodoro Montanaro Politecnico di Torino, 2016/2017 Disclaimer This is only a fast introduction: It is not complete (only scrapes the surface) Only superficial
More informationSoftware Architecture
Software Architecture Does software architecture global design?, architect designer? Overview What is it, why bother? Architecture Design Viewpoints and view models Architectural styles Architecture asssessment
More informationCSE 501 Midterm Exam: Sketch of Some Plausible Solutions Winter 1997
1) [10 pts] On homework 1, I asked about dead assignment elimination and gave the following sample solution: 8. Give an algorithm for dead assignment elimination that exploits def/use chains to work faster
More informationCHAPTER 44. Java Stored Procedures
CHAPTER 44 Java Stored Procedures 752 Oracle Database 12c: The Complete Reference You can write stored procedures, triggers, object type methods, and functions that call Java classes. In this chapter,
More information