TY - GEN
T1 - Detecting Potential User-data Save & Export Losses due to Android App Termination
AU - Rahaman, Sydur
AU - Farooq, Umar
AU - Neamtiu, Iulian
AU - Zhao, Zhijia
N1 - Publisher Copyright: © 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - A common feature in Android apps is saving, or exporting, user's work (e.g., a drawing) as well as data (e.g., a spreadsheet) onto local storage, as a file. Due to the volatile nature of the OS and the mobile environment in general, the system can terminate apps without notice, which prevents the execution of file write operations; consequently, user data that was supposed to be saved/exported is instead lost. Testing apps for such potential losses raises several challenges: how to identify data originating from user input or resulting from user action (then check whether it is saved), and how to reproduce a potential error by terminating the app at the exact moment when unsaved changes are pending. We address these challenges via an approach that finds potential 'lost writes', i.e., user data supposed to be written to a file, but the file write does not take place due to system-initiated termination. Our approach consists of two phases: a static analysis that finds potential losses and a dynamic loss verification phase where we compare lossy and lossless system-level file write traces to confirm errors. We ran our analysis on 2,182 apps from Google Play and 38 apps from F-Droid. Our approach found 163 apps where termination caused losses, including losing user's app-specific data, notes, photos, user's work and settings. In contrast, two state-of-the-art tools aimed at finding volatility errors in Android apps failed to discover the issues we found.
KW - Android
KW - Dynamic Analysis
KW - Mobile Apps
KW - Persistence
KW - Static Analysis
UR - http://www.scopus.com/inward/record.url?scp=85165966671&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85165966671&partnerID=8YFLogxK
U2 - 10.1109/AST58925.2023.00019
DO - 10.1109/AST58925.2023.00019
M3 - Conference contribution
AN - SCOPUS:85165966671
T3 - Proceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023
SP - 152
EP - 162
BT - Proceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th IEEE/ACM International Conference on Automation of Software Test, AST 2023
Y2 - 15 May 2023 through 16 May 2023
ER -