Abstract
In this paper we formalize the semantics of the Android multitasking mechanism and develop efficient static analysis methods with automated tool supports. For the formalization, we propose an extension of the existing Android Stack Machine model to capture all the core elements of the mechanism, in particular, the intent flags used in inter-component communication. For the static analysis, we consider the configuration reachability and stack boundedness problem, designing new algorithms and developing a prototype tool TaskDroid to fully support automated model construction and analysis of Android apps. The experimental results show that TaskDroid is effective and efficient in analyzing Android apps in practice.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
- 3.
For instance, https://stackoverflow.com/questions/3219726/.
- 4.
In this paper, activities as viewed as atomic objects, and thus sub-components (e.g., fragments, https://developer.android.com/guide/components/fragments) contained in activities are simply ignored.
- 5.
- 6.
The name is inherited from the Android system.
- 7.
It is a confirmed bug of the multitasking mechanism affecting Android 4.4, 7.0 and 7.1.1; see https://issuetracker.google.com/issues/36986021 for the discussions.
- 8.
- 9.
The experiments need considerable manual work and are very time-consuming, we choose to conduct experiments on the F-Droid apps only as they are relatively small in size. We plan to carry out more extensive experiments in the near future.
- 10.
- 11.
- 12.
References
Android documentation. https://developer.android.com/guide/components/activities/tasks-and-back-stack.html
Azim, T., Neamtiu, I.: Targeted and depth-first exploration for systematic testing of android apps. In: OOPSLA, pp. 641–660 (2013)
Bianchi, A., Corbetta, J., Invernizzi, L., Fratantonio, Y., Kruegel, C., Vigna, G.: What the app is that? deception and countermeasures in the android user interface. In: SP 2015, pp. 931–948 (2015)
Cavada, R., et al.: The nuXmv symbolic model checker. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 334–342. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08867-9_22
Chen, T., He, J., Song, F., Wang, G., Wu, Z., Yan, J.: Android stack machine. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10982, pp. 487–504. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96142-2_29
He, J., Chen, T., Wang, P., Wu, Z., Yan, J.: Android multitasking mechanism: Formal semantics and static analysis of apps (Full version) (2019). https://github.com/LoringHe/TaskDroid
Lee, S., Hwang, S., Ryu, S.: All about activity injection: threats, semantics, and detection. In: ASE 2017, pp. 252–262 (2017)
Lee, S., Hwang, S., Ryu, S.: Operational semantics for the android activity activation mechanism. Technical report (2017)
Li, L., et al.: Static analysis of android apps: a systematic literature review. Inform. Softw. Technol. 88, 67–95 (2017)
Liu, J., Wu, D., Xue, J.: TDroid: exposing app switching attacks in android with control flow specialization. In: ASE 2018, pp. 236–247 (2018)
Octeau, D., et al.: Combining static analysis with probabilistic models to enable market-scale android inter-component analysis. In: POPL 2016, pp. 469–484 (2016)
Octeau, D., Luchaup, D., Jha, S., McDaniel, P.D.: Composite constant propagation and its application to android program analysis. IEEE Trans. Software Eng. 42(11), 999–1014 (2016)
Ren, C., Zhang, Y., Xue, H., Wei, T., Liu, P.: Towards discovering and understanding task hijacking in android. In: USENIX Security, pp. 945–959 (2015)
Vallée-Rai, R., Co, P., Gagnon, E., Hendren, L.J., Lam, P., Sundaresan, V.: Soot – a Java bytecode optimization framework. In: Proceedings of the 1999 conference of the Centre for Advanced Studies on Collaborative Research (1999)
Xiao, Y., Bai, G., Mao, J., Liang, Z., Cheng, W.: Privilege leakage and information stealing through the android task mechanism. In: PAC 2017, pp. 152–163 (2017)
Yan, J., Wu, T., Yan, J., Zhang, J.: Widget-sensitive and back-stack-aware GUI exploration for testing android apps. In: QRS 2017, pp. 42–53 (2017)
Yang, S., Zhang, H., Wu, H., Wang, Y., Yan, D., Rountev, A.: Static window transition graphs for android. In: ASE 2015, pp. 658–668 (2015)
Zhang, Y., Sui, Y., Xue, J.: Launch-mode-aware context-sensitive activity transition analysis. In: ICSE 2018, pp. 598–608 (2018)
Zhao, J., Albarghouthi, A., Rastogi, V., Jha, S., Octeau, D.: Neural-augmented static analysis of android communication. In: FSE 2018, pp. 342–353 (2018)
Acknowledgements
This work is partially supported by the NSFC grants (No. 61672505, 61872340, 61572478), Key Research Program of Frontier Sciences, Chinese Academy of Sciences (No. QYZDJ-SSW-JSC036), Guangdong Science and Technology Department grant (No. 2018B010107004), the Open Project of Shanghai Key Laboratory of Trustworthy Computing (No. 07dz22304201601), and the INRIA-CAS joint research project VIP. Taolue Chen is also partially supported by Birkbeck BEI School Project (ARTEFACT) and an oversea grant from the State Key Laboratory of Novel Software Technology, Nanjing University (KFKT2018A16).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
He, J., Chen, T., Wang, P., Wu, Z., Yan, J. (2019). Android Multitasking Mechanism: Formal Semantics and Static Analysis of Apps. In: Lin, A. (eds) Programming Languages and Systems. APLAS 2019. Lecture Notes in Computer Science(), vol 11893. Springer, Cham. https://doi.org/10.1007/978-3-030-34175-6_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-34175-6_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34174-9
Online ISBN: 978-3-030-34175-6
eBook Packages: Computer ScienceComputer Science (R0)