Understanding and Detecting Wake Lock Misuses for Android Applications

Similar documents
Understanding and Detecting Wake Lock Misuses for Android Applications

Towards Verifying Android Apps for the Absence of No-Sleep Energy Bugs

NavyDroid: Detecting Energy Inefficiency Problems for Smartphone Applications

Lifecycle-Aware Components Live Data ViewModel Room Library

GreenDroid: Automated Diagnosis of Energy Inefficiency for Smartphone Applications

Repairing crashes in Android Apps. Shin Hwei Tan Zhen Dong Xiang Gao Abhik Roychoudhury National University of Singapore

Android Fundamentals - Part 1

States of Activities. Active Pause Stop Inactive

Minds-on: Android. Session 2

CS 370 Android Basics D R. M I C H A E L J. R E A L E F A L L

Understand applications and their components. activity service broadcast receiver content provider intent AndroidManifest.xml

EMBEDDED SYSTEMS PROGRAMMING Application Basics

ANDROID APPS DEVELOPMENT FOR MOBILE AND TABLET DEVICE (LEVEL I)

CS378 - Mobile Computing. Anatomy of an Android App and the App Lifecycle

Lecture 3 Android Internals

Understanding Application

Overview of Activities

Lifecycle Callbacks and Intents

ANDROID APPS DEVELOPMENT FOR MOBILE AND TABLET DEVICE (LEVEL I)

Static Detection of Energy Defect Patterns in Android Applications

Static Analysis for Android: GUIs, Callbacks, and Beyond

DefDroid: Towards a More Defensive Mobile OS Against Disruptive App Behavior

Android Basics. Android UI Architecture. Android UI 1

ACTIVITY, FRAGMENT, NAVIGATION. Roberto Beraldi

Static Analysis for Android: GUIs, Callbacks, and Beyond

CS 4518 Mobile and Ubiquitous Computing Lecture 4: Data-Driven Views, Android Components & Android Activity Lifecycle Emmanuel Agu

Activities and Fragments

CMSC436: Fall 2013 Week 3 Lab

Summarizing Control Flow of Callbacks for Android API Methods

Taming Android Fragmentation: Characterizing and Detecting Compatibility Issues for Android Apps Lili Wei Yepang Liu S.C. Cheung

Android Ecosystem and. Revised v4presenter. What s New

Activities. Repo:

Produced by. Mobile Application Development. David Drohan Department of Computing & Mathematics Waterford Institute of Technology

CS 528 Mobile and Ubiquitous Computing Lecture 3b: Android Activity Lifecycle and Intents Emmanuel Agu

Automated Generation of Event-Oriented Exploits in Android Hybrid Apps

Application Fundamentals

Programming Mobile Applications with Android Lab2

Lab 1: Getting Started With Android Programming

Android Activities. Akhilesh Tyagi

Android. Mobile operating system developed by Google A complete stack. Based on the Linux kernel Open source under the Apache 2 license

L.C.Smith. Privacy-Preserving Offloading of Mobile App to the Public Cloud

Android for Ubiquitous Computing Researchers. Andrew Rice University of Cambridge 17-Sep-2011

UNDERSTANDING ACTIVITIES

CS378 -Mobile Computing. Anatomy of and Android App and the App Lifecycle

Efficiently, Effectively Detecting Mobile App Bugs with AppDoctor

Real-Time Embedded Systems

INTRODUCTION TO ANDROID

Google Maps Troubleshooting

Android Internals. Lecture 3. Operating Systems Practical. 19 October 2016

Android System Power and Performance Analyzer

University of Babylon - College of IT SW Dep. - Android Assist. Lect. Wadhah R. Baiee Activities

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle Emmanuel Agu

Introduction to Android development

EnergyPatch: Repairing Resource Leaks to Improve Energy-efficiency of Android Apps

LECTURE NOTES OF APPLICATION ACTIVITIES

Optimizing Energy of HTTP Requests in Android Applications

SOFTWARE MAINTENANCE AND EVOLUTION --- REFACTORING FOR ASYNC --- CS563 WEEK 3 - THU

Tablets have larger displays than phones do They can support multiple UI panes / user behaviors at the same time

Android development. Outline. Android Studio. Setting up Android Studio. 1. Set up Android Studio. Tiberiu Vilcu. 2.

Android App Development. Muhammad Sharjeel COMSATS Institute of Information Technology, Lahore

MOBILE APPLICATION DEVELOPMENT LECTURE 10 SERVICES IMRAN IHSAN ASSISTANT PROFESSOR

Getting Started. Dr. Miguel A. Labrador Department of Computer Science & Engineering

Lecture 2 Android SDK

Introduction to Android

Services. Background operating component without a visual interface Running in the background indefinitely

Generating Predicate Callback Summaries for the Android Framework

Mobile Computing. Introduction to Android

Introduction to Android

AATT+: Effectively Manifesting Concurrency Bugs in Android Apps

Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui

COLLEGE OF ENGINEERING, NASHIK-4

EMDK for Android Workshops Prashanth Kadur

Repairing Crashes in Android Apps

ACTIVITY, FRAGMENT, NAVIGATION. Roberto Beraldi

Android Application Development

Services are software components designed specifically to perform long background operations.

Static Taint Analysis Applied to Detecting Bad Programming Practices in Android

Specifying Callback Control Flow of Mobile Apps Using Finite Automata

Another difference is that the kernel includes only the suspend to memory mechanism, and not the suspend to hard disk, which is used on PCs.

Android Power Management & Ways to reduce the Power Consumption in an Android Smartphone

Fragments were added to the Android API in Honeycomb, API 11. The primary classes related to fragments are: android.app.fragment

Characterizing Smartphone Usage Patterns from Millions of Android Users

Xin Pan. CSCI Fall

Fragments and the Maps API

Programming with Android: Android for Tablets. Dipartimento di Scienze dell Informazione Università di Bologna

COSC 3P97 Mobile Computing

Ariadnima - Android Component Flow Reconstruction and Visualization

UI Fragment.

UnCovert: Evaluating thermal covert channels on Android systems. Pascal Wild

Android Programmierung leichtgemacht. Lars Vogel

Introduction to Concurrent Software Systems. CSCI 5828: Foundations of Software Engineering Lecture 08 09/17/2015

Vienos veiklos būsena. Theory

Produced by. Mobile Application Development. David Drohan Department of Computing & Mathematics Waterford Institute of Technology

with TestComplete 12 Desktop, Web, and Mobile Testing Tutorials

Introduction to Android

Embedded Systems Programming - PA8001

Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps

Lecture 08. Android Permissions Demystified. Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner. Operating Systems Practical

Introduction to Concurrent Software Systems. CSCI 5828: Foundations of Software Engineering Lecture 12 09/29/2016

CS260 Intro to Java & Android 04.Android Intro

Transcription:

Understanding and Detecting Wake Lock Misuses for Android Applications Artifact Evaluated by FSE 2016 Yepang Liu, Chang Xu, Shing-Chi Cheung, and Valerio Terragni Code Analysis, Testing and Learning Research Group (CASTLE)

Wake Lock: Android s Power Control Mechanism To save battery power, Android devices quickly fall asleep after a short period of user inactivity Wake locks can be used to keep certain hardware (e.g., CPU, Screen) on for long-running and critical computation (e.g., uninterruptable tasks) Wake lock acquisition Wake lock releasing A R Critical computation 2

Motivation Wake locks can help provide functionalities in a reliable manner 27.2% apps on Google Play store use wake locks However, programming wake locks is non-trivial Various lock types, configuration parameters (e.g., flags) Impact on hardware status and energy consumption various lock types multiple flags: ACQUIRE_CAUSES_WAKEUP, ON_AFTER_RELEASE // flags can be combined 3

Motivation Inappropriate use of wake locks is common 61.3% of our investigated open-source apps suffered from various wake lock bugs that can cause app crash, energy waste etc. Resource errors: - Unnecessary acquisition - Leakage - Permission - Well capture wake lock misuses? - Effectively detect them? - Limitations? - Automated detection? wake lock misuses 4

Research Goals Understand the common practices of wake lock usage Uncover the common misuses of wake locks Design techniques to detect wake lock misuses 5

Empirical Study: Research Questions Critical computation: What computational tasks are often protected by wake locks? Wake lock misuses: Are there common patterns of wake lock misuses? What consequences can they cause? Note: More RQs in our paper and technical report 6

Two Datasets 1. Binaries (APK files) of 44,736 free Android apps that use wake locks Comprehensive: covering all 26 app categories, each category has thousands of apps Popularity: each app received 200K+ downloads on average Diverse sizes: ranging from a few KB to hundreds of MB, average size 7.7 MB 2. Code repositories of 31 most popular F-Droid indexed open-source Android apps that use wake locks Popularity: each app received 39+ millions of downloads on average Well-maintained: thousands of code revisions, hundreds of bug reports Large-scale: each app has 40.3K lines of code on average 7

Study Methodology (Dataset 1) Decompilation (Dex2jar) Retargeting APK files to Java bytecode Program analysis (Soot, BCEL) Statistical analysis Locating analysis entry points (event handlers) Analyzing app API usage, lock type, acquisition/releasing points Correlating API calls with wake lock uses Analyzing common lock types and acquiring/releasing points 8

Study Methodology (Dataset 2) Processing code repositories: search-assisted manual analysis Search keywords: wake, wakelock, power, powermanager Code Repos Bug reports Revision commit logs Revision code diffs 1,157 bug reports 1,558 code revisions 56 real and fixed issues Wake lock misuses 31 Android apps Keyword search Manual validation 9

Key Empirical Findings The use of wake locks are strongly correlated with the invocations to APIs that perform 13 types of computational tasks Many tasks require permissions to run and can bring users perceptible benefits Computational task Networking & communications Data management & sharing System-level operations Media & audio Sensing operations API example java.net.datagramsocket.connect() android.database.sqlite.sqlitedatabase.query() android.os.process.killprocess() android.media.audiotrack.write() android.location.locationmanager.requestlocationupdates() 10

Key Empirical Findings Studied by existing work Not studied by existing work 8 types of wake lock misuses commonly cause functional/nonfunctional issues Root cause # issues # affected apps Example Consequence Unnecessary wakeup 11 7 Tomahawk Rev. 883d210 Energy waste Wake lock leakage 10 7 MyTracks Rev. 1349 Energy waste Premature lock releasing 9 7 ConnectBot Issue 37 Crash Multiple lock acquisition 8 3 CSipSimple Issue 152 Crash Inappropriate lock type 8 3 Osmand Issue 582 Energy waste Problematic timeout setting 3 2 K9Mail Issue 170 Instability Inappropriate flags 2 2 FBReader Rev. f289863 Energy waste Permission errors 2 2 Firefox Issue 703661 Crash Total 53 18 Note: More findings in our paper and technical report 11

Unnecessary Wakeup A Wake lock acquisition R Wake lock releasing Wake lock eventually released after acquisition/use A R Critical computation Acquire too early or release too late Energy waste TomaHawk Player bug: Wake lock is not released until users left the player UI, should be released immediately after music stops playing. 12

Wake Lock Leakage A Wake lock acquisition R Wake lock releasing A Wake lock never release after use Energy waste 13

Premature Lock Releasing A Wake lock acquisition R Wake lock releasing Wake lock released before acquisition R A App crash 14

Detecting Wake Lock Misuses ELITE: A static wake lock necessity analyzer Current version detects (1) unnecessary wakeup and (2) wake lock leakage Android app Static analyzer Wake lock misuses 15

Component-Based Static Analysis ELITE analyzes app components one by one. It generates and analyzes top level method call sequences for issue detection when analyzing each component. Top level methods: (1) callback methods and (2) non-callback methods exposed for other components to invoke Execution model: top level methods (tm) are invoked by system or other components and they may invoke various other methods (om) tm1 tm2 tm3 tm4 om1 om2 om3 om4 Top level methods Other methods Execution order Call relationship 16

Challenge: Generating Valid Method Call Sequences Example 1: Component lifecycle callbacks execution follows prescribed orders ELITE encodes the ordering as temporal constraints and enforce them during method call sequence generation 1.onRestart() 2.onStart() 3.onResume() Launch activity Running 1.onCreate() 2.onStart() 3.onResume() onpause() Stopped onstop() onresume() Paused ondestroy() <<kill>> Destroyed <<kill>> 17

Challenge: Generating Valid Method Call Sequences Example 2: GUI and system event callbacks can only be invoked when the corresponding event listeners are registered ELITE infers each event listener s registering and unregistering methods (via static analysis) and enforce the proper order during sequence generation public class MyActivity extends Activity { Dynamic registration protected void onstart() { Button button = (Button) findviewbyid(r.id.button_id); button.setonclicklistener(new View.OnClickListener() { onclick() onstart() public void onclick(view v) { // Perform action on click onstart() onclick() } });}} 18

Summarizing Top Level Methods ELITE encodes potential runtime behaviors of each top level method tm by means of four sets of dataflow facts inferred via forward interprocedural dataflow analysis (performed before sequence generation) 1. ACQ: The wake lock instances that may have been acquired after executing tm 2. REL: The wake lock instances that may have been released after executing tm 3. START: The asynchronous computational tasks that may have been started after executing tm 4. STOP: The asynchronous computational tasks that may have been stopped/paused after executing tm 19

Wake Lock Necessity Analysis A top level method call sequence for the app TomaHawk: Checkpoint 1 Checkpoint 2 Checkpoint 3 oncreate() playpause() ondestroy() End ACQ = {partial lock} START = {media player} START = {media player} STOP = {media player} START = {partial lock} STOP = {media player} Checkpoint: the app may stay quiescent at such state-transitioning time point indefinitely for a long time when there are no events to handle 20

Wake Lock Necessity Analysis (A Running Example) Intuition: at each checkpoint, wake locks should be held only if the app is performing long running (asynchronous) computation Checkpoint oncreate() playpause() ondestroy() End ACQ = {partial lock} START = {media player} START = {media player} STOP = {media player} START = {partial lock} STOP = {media player} Check 1: Is it possible after executing playpause() the acquired wake lock would be released? Check 2: Is it possible after executing playpause(), all started asynchronous computational tasks would be stopped? Yes Since no useful tasks are running, why the wake lock is held? No 21

Experimental Setup Subjects: 12 versions of five large-scale and popular open-source Android apps Six versions contain real wake lock misuses and the other six versions are corresponding issue-fixing versions Techniques under comparison Relda: a resource leak detection technique for Android apps (Guo et al. ASE 13) Verifier: a verification technique for detecting no-sleep bugs (Vekris et al. HotPower 12) 22

Experimental Result Our tool App Bug type Version #Wakelock Result: #TP / #reported warnings issues ELITE Relda Verifier TomaHawk Unnecessary Buggy 1 1/1 0/1 0/2 wakeup Clean 0 0/0 0/0 0/0 Open- Unnecessary Buggy 1 1/1 0/0 0/1 GPSTracker wakeup Clean 0 0/0 0/0 0/1 MyTracks Unnecessary Buggy 2 2/2 0/1 0/2 wakeup Clean 0 0/0 0/1 0/0 FBReader Leakage Buggy 1 1/1 0/0 0/0 Clean 0 0/0 0/0 0/0 MyTracks Leakage Buggy 1 1/1 0/1 0/0 Clean 0 0/0 0/1 0/0 CallMeter Leakage Buggy 1 0/0 0/0 1/1 Clean 0 0/0 0/0 0/1 Precision 100% 0% 12.5% Recall 85.7% 0% 14.3% False alarm 23

Experimental Result Analysis Relda and Verifier: high rate of false positives/negatives Rely on pre-defined wake lock releasing points (e.g., Activity.onPause() handler) for leakage detection, oblivious to app semantics and runtime behaviors Wake lock releasing points in activities (results of analyzing 44,736 apps) Releasing point Percentage of apps onpause() 35.4% ondestroy() 15.8% onresume() 13.0% onwindowfocuschanged() 11.2% oncreate() 10.2% Other 389 callbacks 14.4% 25

Experimental Result Analysis Relda and Verifier: high rate of false positives/negatives Rely on pre-defined wake lock releasing points (e.g., Activity.onPause() handler) for leakage detection, oblivious to app semantics and runtime behaviors Do not locate all defined program callbacks and properly handle the execution order among them (ELITE systematically locates all callbacks with a fix-point iterative algorithm and infer temporal constraints to model callback execution orders) Lack of full path sensitivity in program analysis (also the reason for ELITE s false negative when analyzing CallMeter) 26

Conclusion The first large-scale empirical study of wake lock usage in practice Eight common patterns of wake lock misuses ELITE: a static analysis technique for wake lock misuse detection A preliminary evaluation shows that ELITE outperforms existing techniques Our datasets and tool are available at: http://sccpu2.cse.ust.hk/elite/ 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback