Mobile applications (apps for short) often need to display images. However, inefficient image displaying (IID) issues are pervasive in mobile apps, and can severely impact app performance and user experience. This paper first establishes a descriptive framework for the image displaying procedures of IID issues. Based on the descriptive framework, we conduct an empirical study of 216 real-world IID issues collected from 243 popular open-source Android apps to validate the presence and severity of IID issues, and then shed light on these issues’ characteristics to support research on effective issue detection. With the findings of this study, we propose a static IID issue detection tool TAPIR and evaluate it with 243 real-world Android apps. Encouragingly, 49 and 64 previously-unknown IID issues in two different versions of 16 apps reported by TAPIR are manually confirmed as true positives, respectively, and 16 previously-unknown IID issues reported by TAPIR have been confirmed by developers and 13 have been fixed. Then, we further evaluate the performance impact of these detected IID issues and the performance improvement if they are fixed. The results demonstrate that the IID issues detected by TAPIR indeed cause significant performance degradation, which further show the effectiveness and efficiency of TAPIR.
- Article type
- Year
- Co-author
Repackaging brings serious threats to Android ecosystem. Software birthmark techniques are typically applied to detect repackaged apps. Birthmarks based on apps' runtime graphical user interfaces (GUI) are effective, especially for obfuscated or encrypted apps. However, existing studies are time-consuming and not suitable for handling apps in large scale. In this paper, we propose an effective yet efficient dynamic GUI birthmark for Android apps. Briefly, we run an app with automatically generated GUI events and dump its layout after each event. We divide each dumped layout into a grid, count in each grid cell the vertices of boundary rectangles corresponding to widgets within the layout, and generate a feature vector to encode the layout. Similar layouts are merged at runtime, and finally we obtain a graph as the birthmark of the app. Given a pair of apps to be compared, we build a weighted bipartite graph from their birthmarks and apply a modified version of the maximum-weight-bipartite-matching algorithm to determine whether they form a repackaging pair (RP) or not. We implement the proposed technique in a prototype, GridDroid, and apply it to detect RPs in three datasets involving 527 apks. GridDroid reports only six false negatives and seven false positives, and it takes GridDroid merely 20 microseconds on average to compare a pair of birthmarks.
Context-aware systems (a.k.a. CASs) integrate cyber and physical space to provide adaptive functionalities in response to changes in context. Building context-aware systems is challenging due to the uncertain running environment. Therefore, many input validation approaches have been proposed to protect context-aware systems from uncertainty and keep them executing safely. However, in contrast to context-aware systems' prevailing in physical environments, most of those academic solutions (83%) are purely evaluated in simulated environments. In this article, we study whether this evaluation setting could lead to biased conclusions. We build a testing platform, RM-Testing, based on DJI RoboMaster robot car, to conduct the physical-environment based experiments. We select three up-to-date input validation approaches, and compare their performance in the simulated environment and in the physical environment. The experimental results show that all three approaches' performance in simulated environments (improving task success rate by 82% compared with the system without the support of input validation) does differ from their performance in a physical environment (improving the task success rate by 50%). We also recognize three factors (scenario setting, physical platform and environmental model) that affect the performance of input validation approaches, based on an execution model of the context-aware system.