Research on Mobile App Analysis and Testing

Background

Mobile apps are typical GUI-centered and event-driven software. They are now ubiquitous and serving the needs of our daily life in many different aspects. However, due to the complex end-user environments (e.g., different OSes, vendor devices and third-party libraries), ensuring app reliability and correctness has thus become a longstanding challenge in both academia and industry (see literature). Our research aims to tackle this challenge by developing novel, effective and practical approaches and techniques to improve app quality, reliability and usability.

Techniques, Tools and Dataset

To this end, we have devoted much research effort over the recent years and developed several effective app analysis and testing techniques, including:
  • Stoat, a fully automated GUI fuzzing technique for finding crashing bugs;
  • Genie, SetDroid and Odin, fully automated GUI fuzzing techniques for finding non-crashing, logic bugs;
  • SetChecker, a static analysis tool for finding system setting related bugs;
  • Themis, the first ground-truth benchmark for evaluating/analyzing automated GUI fuzzing tools;
  • DroidDefects/CrashAnalysis: the dataset of framework-specific exception bugs of Android apps.

  • Research Impact

    In addition to successfully finding many bugs in open-source apps, our techniques have found and reported 100+ bugs in several highly-popular industrial apps with billions of monthly-active users, many of which have been already fixed by the app vendors. For example:

    TikTok (Douyin): 78 (confirmed) / 32 (fixed)
    WeChat: 11 (confirmed) / 11 (fixed)
    CapCut: 4 (confirmed) / 4 (fixed)
    QQmail: 2 (confirmed) / 2 (fixed)
    Google+: 2 (confirmed) / 2 (fixed)
    AlipayHK: 2 (confirmed) / 2 (fixed)
    Gmail: 1 (confirmed) / 1 (fixed)

    Up to now:
    - Stoat has become a representative model-based testing approach for Android (cited by 225+), and used/compared/extended by many work);
    - SetDroid has been intergated into FastBot (ByteDance's official app testing infrastructure) for daily testing;
    - Themis has helped optimize/enhance FastBot with several new GUI fuzzing & mutation strategies.

    If you have some questions or want to know more, feel free to contact us (Ting Su).

    Selected Publications

  • Fastbot2: Reusable Automated Model-based GUI Testing for Android Enhanced by Reinforcement Learning
    Zhengwei Lv, Chao Peng, Zhao Zhang, Ting Su, Kai Liu, Ping Yang
    37th IEEE/ACM International Conference on Automated Software Engineering
    ASE 2022 (industry track), pdf.

  • Detecting Non-crashing Functional Bugs in Android Apps via Deep-State Differential Analysis
    Jue Wang, Yanyan Jiang, Ting Su, Shaohua Li, Chang Xu, Jian Lu, Zhendong Su
    ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
    ESEC/FSE 2022, pdf.

  • Fully Automated Functional Fuzzing of Android Apps for Detecting Non-Crashing Logic Bugs
    Ting Su, Yichen Yan, Jue Wang, Jingling Sun, Yiheng Xiong, Geguang Pu, Ke Wang, Zhendong Su
    ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications
    SPLASH/OOPSLA 2021, pdf, talk video, Genie.

  • Benchmarking Automated GUI Testing for Android against Real-World Bugs
    Ting Su, Jue Wang, Zhendong Su
    29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
    ESEC/FSE 2021, pdf, talk video, Themis.

  • Understanding and Finding System Setting-Related Defects in Android Apps
    Jingling Sun, Ting Su, Junxin Li, Zhen Dong, Geguang Pu, Tao Xie, Zhendong Su
    30th ACM SIGSOFT International Symposium on Software Testing and Analysis
    ISSTA 2021, pdf, SetDroid.

  • Why My App Crashes? Understanding and Benchmarking Framework-specific Exceptions of Android apps
    Ting Su, Lingling Fan, Sen Chen, Yang Liu, Lihua Xu, Geguang Pu, Zhendong Su
    IEEE Transactions on Software Engineering
    TSE 2020, pdf, DroidDefects.

  • Efficiently Manifesting Asynchronous Programming Errors in Android Apps
    Lingling Fan, Ting Su, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu, Geguang Pu
    The 33rd IEEE/ACM International Conference on Automated Software Engineering
    ASE 2018, pdf.

  • Large-Scale Analysis of Framework-Specific Exceptions in Android Apps
    Lingling Fan#, Ting Su#, Sen Chen, Guozhu Meng, Yang Liu, Lihua Xu, Geguang Pu and Zhendong Su
    The 40th International Conference on Software Engineering
    ICSE 2018, pdf, slides, CrashAnalysis.
    (#Equal Contribution)

  •     ACM SIGSOFT Distinguished Paper Award

  • Guided, Stochastic Model-Based GUI Testing of Android Apps
    Ting Su, Guozhu Meng, Yuting Chen, Ke Wu, Weiming Yang, Yao Yao, Geguang Pu, Yang Liu, Zhendong Su
    The 11th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering
    ESEC/FSE 2017, pdf, slides, Stoat.

  •    Best Research Prototype Tool Award (NASAC 2017 held by CCF)

    Other Publications

  • SetDroid: Detecting User-configurable Setting Issues of Android Apps via Metamorphic Fuzzing
    Jingling Sun
    The 43th International Conference on Software Engineering
    ICSE 2021, ACM Student Research Competition, pdf

       Second Place of ACM Student Research Competition

  • FSMdroid: Guided GUI Testing of Android Apps
    Ting Su
    The 38th International Conference on Software Engineering
    ICSE 2016, ACM Student Research Competition, pdf, Press

       Golden Medal (First Place) of ACM Student Research Competition

  • Under Review

  • Characterizing and Finding System Setting-Related Defects in Android Apps
    Jingling Sun, Ting Su, Kai Liu, Chao Peng, Zhao Zhang, Geguang Pu, Tao Xie, Zhendong Su
    IEEE Transactions on Software Engineering (under review)



  • Acknowledge: Our research has received generous funding support from Chinese NSF, Swiss NSF, Google, ByteDance, and NTUitive Gap Fund.



    last modified: 2022.6.8