Detecting Potential User-data Save & Export Losses due to Android App Termination

Sydur Rahaman, Umar Farooq, Iulian Neamtiu, Zhijia Zhao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

A common feature in Android apps is saving, or exporting, user's work (e.g., a drawing) as well as data (e.g., a spreadsheet) onto local storage, as a file. Due to the volatile nature of the OS and the mobile environment in general, the system can terminate apps without notice, which prevents the execution of file write operations; consequently, user data that was supposed to be saved/exported is instead lost. Testing apps for such potential losses raises several challenges: how to identify data originating from user input or resulting from user action (then check whether it is saved), and how to reproduce a potential error by terminating the app at the exact moment when unsaved changes are pending. We address these challenges via an approach that finds potential 'lost writes', i.e., user data supposed to be written to a file, but the file write does not take place due to system-initiated termination. Our approach consists of two phases: a static analysis that finds potential losses and a dynamic loss verification phase where we compare lossy and lossless system-level file write traces to confirm errors. We ran our analysis on 2,182 apps from Google Play and 38 apps from F-Droid. Our approach found 163 apps where termination caused losses, including losing user's app-specific data, notes, photos, user's work and settings. In contrast, two state-of-the-art tools aimed at finding volatility errors in Android apps failed to discover the issues we found.

Original languageEnglish (US)
Title of host publicationProceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages152-162
Number of pages11
ISBN (Electronic)9798350324020
DOIs
StatePublished - 2023
Event4th IEEE/ACM International Conference on Automation of Software Test, AST 2023 - Melbourne, Australia
Duration: May 15 2023May 16 2023

Publication series

NameProceedings - 2023 IEEE/ACM International Conference on Automation of Software Test, AST 2023

Conference

Conference4th IEEE/ACM International Conference on Automation of Software Test, AST 2023
Country/TerritoryAustralia
CityMelbourne
Period5/15/235/16/23

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Vision and Pattern Recognition
  • Software
  • Safety, Risk, Reliability and Quality
  • Control and Optimization

Keywords

  • Android
  • Dynamic Analysis
  • Mobile Apps
  • Persistence
  • Static Analysis

Fingerprint

Dive into the research topics of 'Detecting Potential User-data Save & Export Losses due to Android App Termination'. Together they form a unique fingerprint.

Cite this