Static analysis for quality mobile applications

Similar documents
Open Source Used In Cisco Configuration Professional for Catalyst 1.0

Open Source Used In TSP

HALCoGen TMS570LS31x Help: example_sci_uart_9600.c

ColdFusion Builder 3.2 Third Party Software Notices and/or Additional Terms and Conditions

Ecma International Policy on Submission, Inclusion and Licensing of Software

Intel Stress Bitstreams and Encoder (Intel SBE) 2017 AVS2 Release Notes (Version 2.3)

Ecma International Policy on Submission, Inclusion and Licensing of Software

MagicInfo Express Content Creator

US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

IETF TRUST. Legal Provisions Relating to IETF Documents. February 12, Effective Date: February 15, 2009

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008

pyserial-asyncio Documentation

HYDROOBJECTS VERSION 1.1

License, Rules, and Application Form

Table of Contents Overview...2 Selecting Post-Processing: ColorMap...3 Overview of Options Copyright, license, warranty/disclaimer...

ProgressBar Abstract

About This Guide. and with the Cisco Nexus 1010 Virtual Services Appliance: N1K-C1010

Preface. Audience. Cisco IOS Software Documentation. Organization

Definiens. Image Miner bit and 64-bit Editions. Release Notes

ANZ TRANSACTIVE MOBILE for ipad

User Manual. Date Aug 30, Enertrax DAS Download Client

AccuTerm 7 Internet Edition Connection Designer Help. Copyright Schellenbach & Assoc., Inc.

MUMPS IO Documentation

NemHandel Referenceklient 2.3.1

Copyright PFU LIMITED 2016

PRODUCT SPECIFIC LICENSE TERMS Sybase Enterprise Portal Version 5 Application Edition ( Program )

NemHandel Referenceklient 2.3.0

System Log NextAge Consulting Pete Halsted


Documentation Roadmap for Cisco Prime LAN Management Solution 4.2

SW MAPS TEMPLATE BUILDER. User s Manual

Open Source and Standards: A Proposal for Collaboration

Bar Code Discovery. Administrator's Guide

HYDRODESKTOP VERSION 1.4 QUICK START GUIDE

Definiens. Image Miner bit and 64-bit Edition. Release Notes

HYDRODESKTOP VERSION 1.1 BETA QUICK START GUIDE

FLAME BOSS 200V2 & 300 MANUAL. Version 2.6 Download latest at FlameBoss.com/manuals

User Guide. Calibrated Software, Inc.

FLAMEBOSS 300 MANUAL

QuarkXPress Server Manager 8.0 ReadMe

Copyright PFU LIMITED

SkyPilot OS Installation: Fedora Core 5

Grouper UI csrf xsrf prevention

The Cron service allows you to register STAF commands that will be executed at a specified time interval(s).

DAP Controller FCO

PyWin32ctypes Documentation

This file includes important notes on this product and also the additional information not included in the manuals.

PRODUCT SPECIFIC LICENSE TERMS Sybase Enterprise Portal Version 5 Enterprise Edition ( Program )

TheGreenBow VPN Client ios User Guide

TWAIN driver User s Guide

DAP Controller FCO

Pulse Check User Guide and Technical Guide. Quick Start Framework. Version Name: Winter 16 Version Number: 1.5 Date:

Conettix Universal Dual Path Communicator B465

Migration Tool. Migration Tool (Beta) Technical Note

Spout to NDI. Convert between Spout and Newtek NDI sources. Using the Newtek NDI SDK. Version 2.

Package fst. December 18, 2017

DHIS 2 Android User Manual 2.22

Data Deduplication Metadata Extension

Open Source Used In c1101 and c1109 Cisco IOS XE Fuji

Trimble. ecognition. Release Notes

SAM4 Reset Controller (RSTC)

openresty / array-var-nginx-module

This file includes important notes on this product and also the additional information not included in the manuals.

Fujitsu ScandAll PRO V2.1.5 README

CSCE Inspection Activity Name(s):

Adobe Connect. Adobe Connect. Deployment Guide

calio / form-input-nginx-module

Anybus Wireless Bridge Ethernet Bluetooth Access Point Product Guide

Definiens. Tissue Studio Release Notes

APPLICATION NOTE. Atmel AT03261: SAM D20 System Interrupt Driver (SYSTEM INTERRUPT) SAM D20 System Interrupt Driver (SYSTEM INTERRUPT)

Introduction. The Win32 OpenSSL Installation Group hopes that you enjoy this software and get many years of use out of it!

Flask-Sitemap Documentation

Bosch Smart Home. Plug Instruction Manual

Enterprise Payment Solutions. Scanner Installation April EPS Scanner Installation: Quick Start for Remote Deposit Complete TM

Hyperscaler Storage. September 12, 2016

SMS2CMDB Project Summary v1.6

Internet Connection Guide

iphone/ipad Connection Manual

CA File Master Plus. Release Notes. Version

User Manual for Video Codec

Denkh XML Reporter. Web Based Report Generation Software. Written By Scott Auge Amduus Information Works, Inc.

RPly Documentation. Release Alex Gaynor

Dictation Blue Manual

PageScope Box Operator Ver. 3.2 User s Guide

Panasonic Audio Player 2 User Guide

HIS document 2 Loading Observations Data with the ODDataLoader (version 1.0)

iwrite technical manual iwrite authors and contributors Revision: 0.00 (Draft/WIP)

AT11512: SAM L Brown Out Detector (BOD) Driver. Introduction. SMART ARM-based Microcontrollers APPLICATION NOTE

Technics Audio Player User Guide

VMware vcenter Log Insight Manager. Deployment Guide

Primavera. Contract Manager Installation Guide

NEC Display Solutions MultiProfiler for Linux x64 Versions Installation Guide

Supported and Interoperable Devices and Softwares for the Cisco Secure Access Control System 5.2

Splunk. Splunk. Deployment Guide

cs50.c /**************************************************************************** * CS50 Library 6 *

Programming Style & Firmware Standards

Distinction Import Module User Guide. DISTINCTION.CO.UK

Scott Auge

Explaining & Accessing the SPDX License List

SkyPilot EMS Installation

Transcription:

Static analysis for quality mobile applications Julia Perdigueiro MOTODEV Studio for Android Project Manager Instituto de Pesquisas Eldorado Eric Cloninger Product Line Manager Motorola Mobility Life. Powered.

Agenda Motivation & Requirements MOTODEV App Validator Static Analysis for Android The SDK: Creating Your Own Validations Wrapping Up

Motivation & Requirements

In the beginning Internal teams from Motorola were requesting a pre-flighting tool so application quality could be increased There should be a way of checking whether applications might be compatible with Motorola devices

Scenario There were no tools available specific to Android back then Conversations started in May 2010 The team that developed MOTODEV Studio for Android had the knowledge to work on this new tool

We wanted the new tool to A standalone, command line environment Consistent output mechanism Possible to have IDEs like Eclipse or MOTODEV Studio parse and utilize messages effectively Possible to add device specifications without the necessity of rebuilding the entire application Possible to integrate with application build processes (IDE or command line)

and also Indicate how serious a problem is Provide as much information as possible to help the user understand how (or if) they should fix a problem Be able to find and install updates Suitable for both APKs and ADT Projects contents Available for Windows, Mac and Linux

Choices, choices vs.

What kind of tool to develop? Eclipse-based products structure was already well known by the development team We were open to analyzing the advantages of using other structures/technologies Cons of a pure Java tool were too significant No free support to update mechanism (p2-like) Impossible to use Eclipse plug-ins for support (Java/XML processing, etc.)

And the winner was...

MOTODEV App Validator

Today Provides developers with over 30 tests to increase application quality and stability. Addresses issues such as: Invalid entries in the Android manifest Missing strings, image files, and layouts Too few or too many permissions declared in the manifest Conditions that cause apps to be filtered by the Android Market

Today Checks for compatibility issues by comparing app settings against specifications for every Motorola device Specifications for non-motorola devices could also be added easily Available as: Command-line tool, Eclipse plug-ins and on the Web Runs on Windows, Mac and Linux

The architecture Eclipse-based Different front-ends provide different ways of use It s alive! A work in progress Not only for providing new validations, but also for improving the structure and provided features

App Validator architecture

Workflows All front-ends have similar workflows Command line is the most complex one User input parsing and validation Even with differences, the plug-in structure allows the same workflow to take place at some point

App Validator workflow

App Validator workflow

Static Analysis for Android

Why not plain Java static analysis? Specific types of classes Activity, Broadcast Receiver, Content Provider, Service Permissions Android Manifest file details Resources problems Layout, Locale, etc. Compatibility across different devices Today: smartphones, tablets Soon: TV, GPS Upcoming: refrigerators, cars who knows? :)

Validation example Asking for more permissions than necessary Can prevent your application from being shown in the application store for some devices Be sure of the permissions you ask for! Permissions may imply Features Requiring Features imply that the devices have the necessary support (software and hardware)

Permissions in action

Validation example

Validation example

Validation example The tool looks into the Java code for API calls and makes best guesses Extra permissions Missing permissions Permissions validation is a good example of how particular static analysis for Android is Models for Java and different XML files have to be processed and created to make validations available Uses JDT for building models for Java code

The SDK: Creating Your Own Validations

Sooo simple... As we re on top of Eclipse... Let s use extension points! Checkers Conditions Outputters (already included: CSV, XML, plain text) Many basic classes already implemented within the framework Concentrate on implementing only the necessary code: the validation itself Reference implementation available in the distributed package

Why so simple? We re dealing with mobile developers, i.e., Android developers They may not be familiar with the Eclipse reality They hold the knowledge (and the necessity) for Android application validation Make it as painless as possible The development of validation code is not their main goal

SDK Structure

The SDK: Creating Your Own Validations (Quick Demo)

Wrapping Up

Areas of Improvement Improve command-line tool startup speed OSGI usage, loading time, drop unnecessary bundles, etc. Usability improvements Specially on how the output is shown Grouping Having a separate view on the IDE Graphical results options Improvements on parsing information from Android resources and Java code And last but not least new validations!

Where do we get our ideas from? Our own development team Other Motorola teams Discussion Boards, Stack Overflow the MOTODEV Community Studying new features made available by each of the Android releases Try not to overlap with other similar tools We want to add value, not replicate effort :)

Thank you Q&A Get App Validator here: moto.ly/mds Validate your apps on the Web: moto.ly/webvalidator Take the MOTODEV survey & get an extra chance to win! Just stop by our booth today :)

Give Feedback on the Sessions 1 2 Sign In: www.eclipsecon.org Select Session Evaluate 3 Vote

Legal LICENSE NOTICES Except where noted, sample source code written by Motorola Mobility Inc. and provided to you is licensed as described below. Copyright 2010-2012, Motorola, Inc. All rights reserved except as otherwise explicitly indicated. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the Motorola, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Other source code displayed in this presentation may be offered under other licenses. Apache 2.0 Copyright 2010, Android Open Source Project. All rights reserved unless otherwise explicitly indicated. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/license-2.0. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. Creative Commons 3.0 Attribution License Portions of this presentation are reproduced from work created and shared by Google (http://code.google.com/policies.html) and used according to terms described in the Creative Commons 3.0 Attribution License (http://creativecommons.org/licenses/by/3.0/).

developer.motorola.com/enterprise

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback