IccDroid is an automated testing tool based on reinforcement learning to find ICC-related bugs in Android apps. IccDroid leverages hybrid analysis to build a more complete ICC call graph. Based on this graph, IccDroid further designs an ICC-guided exploration strategy based on Q-learning to improve the testing effectiveness in bug finding. So far, IccDroid has found 13 previously unknown ICC-related bugs, all of which have been confirmed by the app developers and five have already been fixed.
All the source code of IccDroid is also publicly available for facilitating the development of automated testing.
- Python: 3.6
- Android SDK: API 23 (make sure adb and aapt commands are available)
- Linux: Ubantu 16.04
- UiAutomator2: 2.16.3 (pip install uiautomator2== 2.16.3)
- System images: Android 7.0 x86_64 (Marshmallow)
- RAM: 2048M
- SD card: 512M
The above version of the software has been tested in our experiment and can run successfully. In addition, please start the emulator before running IccDroid (you can see this link for how to creating and using avdmanager).
Before running IccDroid, please update the configure.py as follows:
# Dataflow Server info
SERVER_HOST = "127.0.0.1"
SERVER_PORT = 9999
# Device info
DEVICE_ID = "emulator-5554"
DEVICE_SCREEN_HEIGHT = 1920
DEVICE_SCREEN_WIDTH = 1020
# Time Setting(s)
STAGE_ONE_TIME = 3600 # (Graph Enhancement Exploration time)
STAGE_TWO_TIME = 3600 # (ICC-Guided Exploration time)Other configuration information of the configure.py can be selected according to user customization or default configuration.
For applications that require permission or login, you should install apk on the emulator and grant the permissions or login the account begore testing. Then you start IccDroid by:
# enter workspace of IccDroid
cd /opt/IccDroid
# start testing
python main.py apk_pathThe output contents are placed in folder <apk_dir>/<apk_name> and contain coverage and log directory:
-
coverage -- These files in the folder are used to calculate the final code coverage. (code coverage is recorded every 2 seconds)
-
log -- The folder contains two types of files:
- crash_event_X: record the event sequence triggered the
crash X. - crash_log_X: record the exception stack log of crash
crash X.
- crash_event_X: record the event sequence triggered the
In order to better reproduce IccDroid, we provide the app’s Link, Version, Strategy and the revealed bugs.
| APK Name | Issue State | Cause | Details |
|---|---|---|---|
| AmazeFileManager | Confirmed | NullPointerException | TeamAmaze/AmazeFileManager#3311 |
| AntennaPod | Confirmed | XmlPullParserException | AntennaPod/AntennaPod#5885 |
| AlarmClock | Fixed | ActivityNotFoundException | yuriykulikov/AlarmClock#451 |
| Aadr2 | Fixed | NullPointerException | itkach/aard2-android#90 |
| AnyMemo | Confirmed | ExpatParserException | helloworld1/AnyMemo#525 |
| BookCatalogue | Confirmed | DeadObjectException | eleybourn/Book-Catalogue#877 |
| BookCatalogue | Confirmed | NullPointerException | eleybourn/Book-Catalogue#878 |
| APhotoManager | Confirmed | RuntimeException | k3b/APhotoManager#200 |
| Betterbatterystats | Confirmed | BatteryInfoUnavailableException | asksven/BetterBatteryStats#888 |
| CatimaLoyalty | Fixed | IllegalArgumentException | CatimaLoyalty/Android#881 |
| CatimaLoyalty | Fixed | ActivityNotFoundException | CatimaLoyalty/Android#880 |
| Runnerup | Confirmed | ConnectionException | jonasoreland/runnerup#1109 |
| Swiftp | Fixed | ActivityNotFoundException | ppareit/swiftp#174 |
| Simpletask | Confirmed | IllegalArgumentException | mpcjanssen/simpletask-android#1172 |