Static Control-Flow Analysis of User-Driven Callbacks in Android Applications

• Published in: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering Vol. 1; pp. 89 - 99
• Main Authors: Shengqian Yang, Dacong Yan, Haowei Wu, Yan Wang, Rountev, Atanas
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.05.2015
• Subjects: Algorithm design and analysis; Analytical models; Androids; Context; Graphical user interfaces; Humanoid robots; Smart phones
• ISSN: 0270-5257; 1558-1225
• DOI: 10.1109/ICSE.2015.31

Android software presents many challenges for static program analysis. In this work we focus on the fundamental problem of static control-flow analysis. Traditional analyses cannot be directly applied to Android because the applications are framework-based and event-driven. We consider user-event-driven components and the related sequences of callbacks from the Android framework to the application code, both for lifecycle callbacks and for event handler callbacks. We propose a program representation that captures such callback sequences. This representation is built using context-sensitive static analysis of callback methods. The analysis performs graph reachability by traversing context-compatible interprocedural control-flow paths and identifying statements that may trigger callbacks, as well as paths that avoid such statements. We also develop a client analysis that builds a static model of the application's GUI. Experimental evaluation shows that this context-sensitive approach leads to substantial precision improvements, while having practical cost.