[1] "Understanding and Finding System Setting-Related Defects in Android Apps" by Jingling Sun, Ting Su, Junxin Li, Zhen Dong, Geguang Pu, Tao Xie and Zhendong Su. The 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2021)
@inproceedings{SetDroid,
author = {Sun, Jingling and Su, Ting and Li, Junxin and Dong, Zhen and Pu, Geguang and Xie, Tao and Su, Zhendong},
title = {Understanding and Finding System Setting-Related Defects in Android Apps},
year = {2021},
doi = {10.1145/3460319.3464806},
booktitle = {Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis},
pages = {204–215},
numpages = {12},
keywords = {Testing, Setting, Empirical study, Android},
location = {Virtual, Denmark},
series = {ISSTA 2021}
}
[2] "Characterizing and Finding System Setting-Related Defects in Android Apps" by Jingling Sun, Ting Su, Kai Liu, Chao Peng, Zhao Zhang, Geguang Pu, Tao Xie, Zhendong Su. IEEE Transactions on Software Engineering (TSE 2023)
@article{SetDroid2,
author = {Jingling Sun and
Ting Su and
Kai Liu and
Chao Peng and
Zhao Zhang and
Geguang Pu and
Tao Xie and
Zhendong Su},
title = {Characterizing and Finding System Setting-Related Defects in Android
Apps},
journal = {{IEEE} Trans. Software Eng.},
volume = {49},
number = {4},
pages = {2941--2963},
year = {2023},
doi = {10.1109/TSE.2023.3236449}
}
You can find more about our work on testing/analyzing Android apps at this website.
sudo apt-get install virtualbox-guest-additions-iso
sudo mkdir /media/temp
sudo mount /usr/share/virtualbox/VBoxGuestAdditions.iso /media/temp
/home/setdroid/Android/Sdk/emulator/emulator -avd Android8.0 -read-only -port 5554 &
/home/setdroid/Android/Sdk/emulator/emulator -avd Android8.0 -read-only -port 5556 &
cd /home/setdroid/SetDroid/Tool
python3 start.py -app_path /home/setdroid/SetDroid/App/a2dp.Vol.apk -append_device emulator-5554 -append_device emulator-5556 -android_system emulator8 -append_strategy display_immediate_1 -testcase_count 1 -choice 0 -event_num 50
-app_path
. The number of runs can be modified by the configuration parameter -testcase_count
. The number of events contained in each test can be modified by the configuration parameter -event_num
. Setting change strategy can be changed through the configuration parameter -append_strategy
. You can also add more strategies to make them be executed in sequence.Ctrl-C
at any time):
python3 start.py -app_path /home/setdroid/SetDroid/App/com.amaze.filemanager.apk -append_device emulator-5554 -append_device emulator-5556 -android_system emulator8 -append_strategy permssion_lazy_1 -append_strategy language -testcase_count 10 -event_num 100
pip3 install langid
You can create an emulator before running SetDroid. See this link for how to create avd using avdmanager. The following sample command will help you create an emulator, which will help you to start using SetDroid quickly:
sdkmanager "system-images;android-26;google_apis;x86"
avdmanager create avd --force --name Android8.0 --package 'system-images;android-26;google_apis;x86' --abi google_apis/x86 --sdcard 512M --device "pixel_xl"
Next, you can start two identical emulators and assign their port numbers with the following commands:
emulator -avd Android8.0 -read-only -port 5554
emulator -avd Android8.0 -read-only -port 5556
If you have downloaded our project and configured the environment, you only need to enter download_path/tool
to execute our sample app with the following command:
python3 start.py -app_path /home/setdroid/SetDroid/App/a2dp.Vol.apk -append_device emulator-5554 -append_device emulator-5556 -android_system emulator8 -append_strategy display_immediate_1 -testcase_count 1
SetDroid provides several ways to test android apps by command lines. You need to view configuration help through the following commands and change them.
python3 start.py --help
-pro_click
The proportion of click events, which is 45% by default.-pro_longclick
The proportion of long-press events, which is 25% by default.-pro_scroll
The proportion of scroll events, which is 5% by default.-pro_home
The proportion of click home button events, which is 0% by default.-pro_edit
The proportion of edit events, which is 15% by default.-pro_naturalscreen
The proportion of rotating to natural events, which is 1% by default.-pro_leftscreen
The proportion of rotating to left events, which is 8% by default.-pro_back
The proportion of click back button events, which is 1% by default.-pro_splitscreen
The proportion of split-screen events, which is 0% by default.-app_path
the APK address of the app you want to test.-append_device
The serial numbers of devices used in the test, which can be obtained by executing "adb devices" in the terminal.-android_system
The Android system of the test device, At present, only Android 8.0 system is supported.-root_path
The storage path of the output file.-resource_path
The path of the resource file that you want to import into the test devices in advance.-testcase_count
The number of rounds that you want to test for each strategy.-event_num
The number of events in per round of test.-setting_random_denominator
Used to adjust the frequency of setting change event insertion.-append_strategy
The strategies that you want to use (multiple test strategies can be executed in sequence), currently, the supported strategies are as follows, corresponding to the 14 strategies listed in Table 5 of the paper.Strategy name | Setting | Oracle rule | Injection strategy | Pair of events for setting changes |
---|---|---|---|---|
network_immediate_1 | Network | I | Immediate | ⟨turn on airplane, turn off airplane⟩ |
network_lazy_1 | Network | I | Lazy | ⟨turn on airplane, turn off airplane⟩ |
network_lazy_2 | Network | I | Lazy | ⟨switch to mobile data, switch to Wi-Fi⟩ |
location_lazy_1 | Location | I | Lazy | ⟨turn off location, turn on location⟩ |
location_lazy_2 | Location | I | Lazy | ⟨switch to "device only", switch to "high accuracy"⟩ |
sound_lazy_1 | Sound | I | Lazy | ⟨turn on "do not disturb", turn off "do not disturb"⟩ |
battery_immediate_1 | Battery | I | Immediate | ⟨turn on the power saving mode, add the app into the whitelist⟩ |
battery_lazy_1 | Battery | I | Lazy | ⟨turn on the power saving mode, turn off the power saving mode⟩ |
display_immediate_1 | Display | I | Immediate | ⟨switch to landscape, switch to portrait⟩ |
display_immediate_2 | Display | I | Immediate | ⟨turn on multi-window, turn off multi-window⟩ |
permssion_lazy_1 | Permission | I | Lazy | ⟨turn off permission, turn on permission⟩ |
developer_lazy_1 | Developer | I | Lazy | ⟨turn on "Don’t keep activities", turn off "Don’t keep activities"⟩ |
language | Language | II | - | ⟨change system language, -⟩ |
time | Time | II | - | ⟨change hour format, -⟩ |
/home/setdroid/SetDroid/Root
. /home/setdroid/SetDroid/Root
. error_realtime.txt
file, a wrong_realtime.txt
file, and many numbered folders correspond to each round of test results. read_trace.txt
file, a trace.txt
file, an i_trace.html
file, and a folder named screen
. screen
folder, and you can see the screenshot of each step and the corresponding interface layout information file. This file records the sequences that trigger the setting defects, which start with Start::x::run_count::y
(x means the x-th error and Y means the error was captured during the y-th round of execution), and end with End::
This file records the sequences that trigger the suspected setting defects.
This file records the execution sequence of SetDroid, which is easy for SetDroid users to read.
This file records the execution sequence of SetDroid, which can be read and replayed by SetDroid.
This file records the sequence of screenshots after each step, which is arranged horizontally. The events executed at each step are marked on the screenshot. After opening the file in the browser, there is a drag bar at the bottom, which can drag horizontally to view the whole sequence. When the error is captured, the screenshot is marked with a red frame. When the two interfaces are different, the screen capture is marked with a yellow frame.
If someone wants to extend the artifact, they can modify it in the following position of the tool.
Add a new setting change function in injector.py, and add calls to it to change_setting_before_run
or inject_setting_during_run
as needed.
Add a new exploration class according to RandomPolicy
class in policy.py, and inherit the Policy
class
Add a new check function in check.py and call it in the corresponding position in the executor.py