Analyzing Android Applications with Soot and FlowDroid
1 Analyzing Android Applications with Soot and FlowDroid Eric Bodden SECURE SOFTWARE ENGINEERING GROUP
2 Agenda
- Why analyze Android apps?
- Brief history of Soot
- Inter-procedural analysis with Heros
- Features added by FlowDroid
- Improving FlowDroid's results by deobfuscating apps with Harvester

3 Why analyze Android apps?

4 [ICSE '15]

5 [BlackHat Europe '15] [McAfee's Threat Report Q4 2015]

6 Other good reasons
- To optimize performance
- To lower power consumption
- To map the app landscape
- Your own topic here
7 The Soot framework

8 What is Soot?
- a free compiler infrastructure, written in Java (LGPL)
- was originally designed to analyze and transform Java bytecode
- original motivation was to provide a common infrastructure with which researchers could compare analyses (points-to analyses)
- has been extended to include decompilation, visualization, Android support, inter-procedural analysis support, etc.

9 What is Soot?
Soot has many potential applications:
- used as a stand-alone tool (command line or Eclipse plugin)
- extended to include new IRs, analyses, transformations and visualizations
- as the basis of building new special-purpose tools

10 Soot - Past and Present
- Started in with the development of coffi by Clark Verbrugge and some first prototypes of Jimple IR by Clark and Raja Vallée-Rai
- First publicly-available versions of Soot 1.x were associated with Raja's M.Sc. thesis
- New contributions and releases have been added by many researchers from around the world
- Currently maintained by my research group at Darmstadt and Paderborn

11 Soot - Past and Present
- Soot 1.x has been used by many research groups for a wide variety of applications. Has also been used in several compiler courses.
- Last version was Soot 2.0 and the first version of the Eclipse Plugin were released - June JIT for PLDI
- Soot 2.3.0: Java 5 support
- Soot 2.4.0: partial Reflection support
- Soot 2.5.0: Better points-to analyses etc.
- Since then: continuous nightly builds, no official releases (and none planned)
12 Soot & me (2003)

13 Soot & me (2006)
15 The first thing Soot does...
Parse method (as source code or bytecode) and convert into control-flow graph (CFG)
- Nodes: Simplified statements
- Edges: Possible control flows between such statements

16 Example
    y=x;
    if(p) x=y;
    else z=2;
    b=y;
    a=z;
CFG nodes: y=x, if(p), x=y, z=2, b=y, a=z

17 In general, CFG is an over-approximation
    y=x;
    if(p) x=y;
    if(!p) z=2;
    b=y;
    a=z;
CFG nodes: y=x, if(p), x=y, if(!p), z=2, b=y, a=z
Example predicates: if(isprime( )).. if(!isprime( ))..
Depending on how complex predicate p is, cannot infer that branches are mutually exclusive

18 Intermediate Representation: Jimple
- Jimple = like Java, but simple
- Combines the best of both worlds
- Local variables, like in source code
- no stack operations
- Special variables for this and parameters
- Only simple statements, never nested
19-23 Jimple IR
Java source:
    void foo() {
        double d1 = 3.0;
        double d2 = 2.0;
        int i1 = (int) (d1*d2);
        bar(this,i1);
    }
Jimple:
    void foo() {
        Main this;
        double d1, d2, temp$0;
        int i1;
        this := @this: Main;
        d1 = 3.0;
        d2 = 2.0;
        temp$0 = d1 * d2;
        i1 = (int) temp$0;
        virtualinvoke this.<Main: void bar(Main,int)>(this, i1);
        return;
    }
Points highlighted on slides 19 to 23:
- all variables explicitly declared, even this
- special references for this and parameters
- no stack operations; instead assignments
- complex statements broken down (1:n): at most one reference on left-hand side, at most two references on right-hand side => three-address code
- method calls fully resolved, explicit this reference
24 Whole-program analysis
The most important data structure to conduct an interprocedural whole-program analysis is a call graph.
A call graph is a static abstraction of all method calls that a program may execute at runtime
- methods are nodes
- calls are edges
- flow-insensitive (no execution order)

25 A simple call graph
    import java.util.Observable;
    import java.util.Observer;

    public class Main implements Observer {
        public static void main(String[] args) {
            Main m = new Main();
            Subject s = new Subject();
            s.addObserver(m);
            s.modify();
        }
        public void update(Observable o, Object arg) {
            System.out.println(o+" notified me!");
        }
        static class Subject extends Observable {
            public void modify() {
                setChanged();
                notifyObservers();
            }
        }
    }
Call-graph nodes: Main.main, Subject.<init>, Subject.addObserver, Subject.modify, Observable.setChanged, Observable.notifyObservers, Main.update

26 Problem: Polymorphic calls
    import java.util.*;

    public class Main {
        public static void main(String[] args) {
            Collection c = makeCollection(args[0]);
            c.add("soso");
        }
        static Collection makeCollection(String s) {
            if(s.equals("list")) {
                return new ArrayList();
            } else {
                return new HashSet();
            }
        }
    }
Call-graph nodes: Main.main, Main.makeCollection, and for c.add(..): ArrayList.add? HashSet.add

27 Constructing call graphs
Soot supports a number of call-graph construction algorithms
- CHA: Class Hierarchy Analysis
- RTA: Rapid Type Analysis
- VTA: Variable Type Analysis
- new: special support for libraries [Reif et al., FSE '16]
- Spark: Andersen-style subset-based analysis
28 Inter-procedural analysis with Heros

29 Inter-procedural analysis with Heros
- Soot itself has templates to define intraprocedural analyses
- Also comprises algorithms for constructing call graphs
- But has no template mechanism for interprocedural traversals
- Heros adds this support by implementing the IFDS and IDE frameworks

30 IFDS Framework (1995): Thomas Reps, Susan Horwitz, Mooly (Shmuel) Sagiv

31 IFDS Framework
- distributive: f(a) ∪ f(b) = f(a ∪ b)
- Subset problem
- Many applications: Alias-, Taint-, Typestate-, Shape-Analysis...
- Idea: reduce inter-procedural analysis problem to pure graph reachability
32 Example Program Reps, Horwitz, Sagiv
33 Super Program graph (1995, Reps, Horwitz, Sagiv)

34 Idea: Specialize graph
Program Super Graph Flow Functions = Exploded Super Graph

35 Flow functions as edges (1995, Reps, Horwitz, Sagiv)
Requires finite (or at least enumerable) domain

36 Exploded Super Graph (Reps, Horwitz, Sagiv)
Edge kinds: normal, call, return, call-to-return

37 On-the-fly construction
- Much more efficient to create super graph on the fly (exploded or not)
- Start with program's entry point(s)
- For all transitive successors compute super edges as they are needed
- see [Naeem, Lhotak, CC 2010]

38 RHS Solver
- Generic solver for IFDS (and IDE) problems
- Fully context sensitive
- Can run in time linear in size of graph. O(E · D^3)
  E: number of super-graph edges
  D: size of finite domain
- Decides reachability efficiently by computing summary edges between method-start

39 RHS '95
Figure legend: data-flow facts, statements, static super-graph edge, computed summary edge
d holds at s if there is a summary edge from startof(methodof(s),d') to (s,d) for some d'

40 RHS '95
flow functions must be distributive: f(a) ∪ f(b) = f(a ∪ b)

41 method calls
Figure: procedure p with edges "call p" and "ret p"; facts 0, a, b and 0, c, d
afterwards method-local decision: b holds at s if there is a summary edge from startof(methodof(s),d) to (s,b) for some d
42 Ex.: Information-flow analysis
    void main() {
        int x = secret();
        int y = 0;
        y = foo(x);
        print(y);
    }
    int foo(int p) { return p; }

43 IFDS Info-flow analysis

44 IFDS in Soot
    public interface IFDSTabulationProblem<N,D,M> {
        FlowFunctions<N,D,M> flowFunctions();
        Multimap<M,D> initialSeeds();
        D zeroValue();
        InterproceduralCFG<N,M> interproceduralCFG();
    }
default implementation exists, uses CallGraph class internally

45 IFDS in Soot
    public interface FlowFunctions<N, D, M> {
        public FlowFunction<D> getNormalFlowFunction(N curr, N succ);
        public FlowFunction<D> getCallFlowFunction(N callStmt, M destinationMethod);
        public FlowFunction<D> getReturnFlowFunction(N callSite, M calleeMethod, N exitStmt, N returnSite);
        public FlowFunction<D> getCallToReturnFlowFunction(N callSite, N returnSite);
    }

46 IFDS in Soot
    public interface FlowFunction<D> {
        Set<D> computeTargets(D source);
    }
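Added example (not from the slides and not Heros code): an IFDS-style tabulation of the slide-42 program in plain Java, with one flow function per kind named in FlowFunctions and summaries keyed by the fact a method was entered with. It goes beyond the slide by appending a second, untainted call z = foo(c) to show context sensitivity; the class name MiniIfdsTaint, the statement encoding and the fact names are assumptions, and Java 17 or later is assumed.

```java
import java.util.*;

public class MiniIfdsTaint {
    enum Kind { SOURCE, CONST, CALL, SINK, RETURN }
    // One three-address statement; fields that a kind does not use are null.
    record Stmt(String method, int idx, Kind kind, String lhs, String arg, String callee) {}
    // Path edge <d1, n, d2>: if d1 holds at the start of n's method, d2 holds just before n.
    record PathEdge(String d1, Stmt n, String d2) {}
    record Ctx(String method, String entryFact) {}   // callee plus the fact it was entered with
    record Exit(Stmt stmt, String fact) {}           // fact that holds at a return statement

    static final String ZERO = "<0>";                // the always-true fact 0 of IFDS
    static final Map<String, String> PARAM = Map.of("foo", "p");
    static final Map<String, List<Stmt>> PROGRAM = Map.of(
        "main", List.of(
            new Stmt("main", 0, Kind.SOURCE, "x", null, null),   // x = secret()
            new Stmt("main", 1, Kind.CONST,  "y", null, null),   // y = 0
            new Stmt("main", 2, Kind.CALL,   "y", "x", "foo"),   // y = foo(x)
            new Stmt("main", 3, Kind.SINK,   null, "y", null),   // print(y)
            new Stmt("main", 4, Kind.CONST,  "c", null, null),   // c = 0       (added here)
            new Stmt("main", 5, Kind.CALL,   "z", "c", "foo"),   // z = foo(c)  (added here)
            new Stmt("main", 6, Kind.SINK,   null, "z", null),   // print(z)    (added here)
            new Stmt("main", 7, Kind.RETURN, null, null, null)),
        "foo", List.of(
            new Stmt("foo", 0, Kind.RETURN, null, "p", null)));  // return p

    // Normal flow: a source generates its left-hand side from ZERO; any assignment kills it.
    static Set<String> normal(Stmt n, String d) {
        if (n.kind() == Kind.SOURCE && d.equals(ZERO)) return Set.of(ZERO, n.lhs());
        return d.equals(n.lhs()) ? Set.of() : Set.of(d);
    }
    // Call flow: map the actual argument to the callee's formal parameter.
    static Set<String> call(Stmt c, String d) {
        if (d.equals(ZERO)) return Set.of(ZERO);
        return d.equals(c.arg()) ? Set.of(PARAM.get(c.callee())) : Set.of();
    }
    // Return flow: map the returned local to the variable assigned at the call site.
    static Set<String> ret(Stmt c, Stmt exit, String d) {
        if (d.equals(ZERO)) return Set.of(ZERO);
        return d.equals(exit.arg()) ? Set.of(c.lhs()) : Set.of();
    }
    // Call-to-return flow: caller locals bypass the callee, except the overwritten result.
    static Set<String> callToReturn(Stmt c, String d) {
        return d.equals(c.lhs()) ? Set.of() : Set.of(d);
    }
    static Stmt succ(Stmt n) { return PROGRAM.get(n.method()).get(n.idx() + 1); }
    static void propagate(Set<PathEdge> seen, Deque<PathEdge> work, PathEdge e) {
        if (seen.add(e)) work.add(e);
    }

    static List<String> solve() {
        Set<PathEdge> seen = new HashSet<>();
        Deque<PathEdge> work = new ArrayDeque<>();
        Map<Ctx, Set<PathEdge>> incoming = new HashMap<>();   // caller edges per callee context
        Map<Ctx, Set<Exit>> endSummary = new HashMap<>();     // exit facts per callee context
        List<String> leaks = new ArrayList<>();
        propagate(seen, work, new PathEdge(ZERO, PROGRAM.get("main").get(0), ZERO));
        while (!work.isEmpty()) {
            PathEdge e = work.poll();
            Stmt n = e.n();
            switch (n.kind()) {
                case CALL -> {
                    Stmt entry = PROGRAM.get(n.callee()).get(0);
                    for (String d3 : call(n, e.d2())) {
                        Ctx ctx = new Ctx(n.callee(), d3);
                        propagate(seen, work, new PathEdge(d3, entry, d3));
                        incoming.computeIfAbsent(ctx, k -> new HashSet<>()).add(e);
                        for (Exit x : endSummary.getOrDefault(ctx, Set.of()))   // reuse summary
                            for (String d5 : ret(n, x.stmt(), x.fact()))
                                propagate(seen, work, new PathEdge(e.d1(), succ(n), d5));
                    }
                    for (String d3 : callToReturn(n, e.d2()))
                        propagate(seen, work, new PathEdge(e.d1(), succ(n), d3));
                }
                case RETURN -> {
                    Ctx ctx = new Ctx(n.method(), e.d1());
                    endSummary.computeIfAbsent(ctx, k -> new HashSet<>()).add(new Exit(n, e.d2()));
                    for (PathEdge c : incoming.getOrDefault(ctx, Set.of()))     // matching callers only
                        for (String d5 : ret(c.n(), n, e.d2()))
                            propagate(seen, work, new PathEdge(c.d1(), succ(c.n()), d5));
                }
                default -> {
                    if (n.kind() == Kind.SINK && e.d2().equals(n.arg()))
                        leaks.add(n.method() + ":" + n.idx() + " print(" + n.arg() + ")");
                    for (String d3 : normal(n, e.d2()))
                        propagate(seen, work, new PathEdge(e.d1(), succ(n), d3));
                }
            }
        }
        return leaks;
    }

    public static void main(String[] args) {
        System.out.println("leaks: " + solve());
    }
}
```

The only reported sink is print(y) at main:3. print(z) stays clean because the exit fact p of foo is recorded under the context (foo, p), and only the call site that passed the tainted x is registered as a caller of that context.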
47 What FlowDroid brings to the table

48-51 sources, sinks, code analysis: report potential privacy leaks
- sources: SMS/MMS, Location, Calendar, Contact
- sinks: SMS/MMS, Bluetooth, NFC, Internet
- SuSi [NDSS '14]
- FlowDroid [PLDI '14]

52 Will it leak?
    void main() {
        a = new A();
        b = a.g;
        foo(a);
        sink(b.f);
    }
    void foo( z ) {
        x = z.g;
        w = source();
        x.f = w;
    }
Access paths annotated in the figure (steps 1 to 7): w, x.f, z.g.f, a.g.f, b.f

53 Two main requirements
- maximize true warnings
- minimize false warnings

54 and do it fast!
- maximize true warnings
- minimize false warnings

55 maximizing true warnings: Recall
56 How do apps actually execute?

57 Activity lifecycle
Activity starts, onCreate(), onStart(), onRestart(), onResume(), Activity is running, onPause(), onStop(), onDestroy(), Activity is shut down
Also: services, broadcast receivers, content providers, fragments

58
    public class MyActivity extends Activity {
        private static String URL = /* value missing in the transcript */;

        protected void onCreate(Bundle savedInstanceState) {
            TelephonyManager telephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
            String imei = telephonyManager.getDeviceId();
            URL = /* value missing in the transcript */;
        }

        protected void onStart() {
            try {
                URL url = new URL(URL);
                HttpURLConnection conn = (HttpURLConnection) url.openConnection();
                conn.setRequestMethod("GET");
                conn.setDoInput(true);
                // Starts the query
                conn.connect();
            } catch(Exception ex) {
            }
        }
    }

59-60 Dummy main method
Lifecycle modeled: Activity starts, onCreate(), onStart(), onResume(), Activity is running, onPause(), onStop(), onRestart(), onDestroy(), Activity is shut down
    boolean p = true;
    MyActivity act = new MyActivity();
    while(p) {
        act.onCreate(null);
        while(p) {
            act.onStart();
            while(p) {
                act.onResume();
                act.onPause();
            }
            //more to come
        }
    }
p is a so-called opaque predicate: it must be constructed such that the analysis will definitely not evaluate it to true/false

61 Dummy main method
    boolean p = System.currentTimeMillis()>0;
    MyActivity act = new MyActivity();
    while(p) {
        act.onCreate(null);
        while(p) {
            act.onStart();
            while(p) {
                act.onResume();
                act.onPause();
            }
            //more to come
        }
    }
62-63 Next problem, callbacks
Clicking a button causes a callback to be called, which is something a security analysis might want to be aware of

64 Android defines callbacks in a special XML file
    <Button
        android:id="@+id/button1"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:layout_alignParentTop="true"
        android:layout_centerHorizontal="true"
        android:layout_marginTop="185dp"
        android:text="@string/button"
        android:onClick="sendMessage"/>

65 The callback declared in the XML file (android:onClick="sendMessage") is added to the dummy main method:
    boolean p = System.currentTimeMillis()>0;
    MyActivity act = new MyActivity();
    while(p) {
        act.onCreate(null);
        while(p) {
            act.onStart();
            while(p) {
                act.onResume();
                act.sendMessage(...)
                act.onPause();
            }
            //more to come
        }
    }
Problem: not all UI elements are registered using XML files

66
    Button b = (Button) findViewById(R.id.button2);
    b.setOnClickListener(new View.OnClickListener() {
        public void onClick(View v) {
            SmsManager sm = SmsManager.getDefault();
            String number = " ";
            sm.sendTextMessage(number, null, imei, null, null); //sink
        }
    });

67 b.setOnClickListener(..)
    boolean p = System.currentTimeMillis()>0;
    MyActivity act = new MyActivity();
    while(p) {
        act.onCreate(null);
        while(p) {
            act.onStart();
            while(p) {
                act.onResume();
                act.sendMessage(...)
                act.onPause();
            }
            //more to come
        }
    }
    new MyListener().onClick(..)
Iterate until no new callback registrations are discovered
68 minimize false warnings: maximize Precision

69 Minimizing false warnings through highly precise analysis
FlowDroid's analysis is
- Fully Context sensitive
- k-field sensitive (default: k=5)
- k-object sensitive (default: k=5)
- Flow sensitive

70 Problem: aliases may be created before the taint is created!
    x = new A();
    y = new A();
    y = x;
    x.f = privateKey();
    print(y.f);
need to look into the past

71 Forward Taint Analysis / Backward Alias Analysis
- each analysis has its own Work Queue (figure: statements x.f=a and x=y; facts a, x.f, y.f)
- CountingThreadPoolExecutor terminates not before both queues are empty

72
    void main() {
        a = new A();
        b = a.g;
        foo(a);
        sink(b.f);
    }
    void foo( z ) {
        x = z.g;
        w = source();
        x.f = w;
    }
Access paths annotated in the figure: w, x.f, z.g.f, a.g.f, b.f
For a more general approach see our ECOOP '16 paper on the Boomerang pointer analysis
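Added example (not from the slides and not FlowDroid's implementation): the slide-70 problem in a straight-line Java model with a single field f, run once as a forward-only taint analysis and once with an on-demand backward alias search that is started at the heap write and hands each alias it finds back to a forward pass. The class name AliasAwareTaint, the statement encoding and the second, constructed input are assumptions; Java 17 or later is assumed.

```java
import java.util.*;

public class AliasAwareTaint {
    enum Kind { NEW, COPY, STORE_SOURCE, SINK }
    // NEW: lhs = new A();   COPY: lhs = rhs;   STORE_SOURCE: lhs.f = privateKey();   SINK: print(lhs.f)
    record Stmt(Kind kind, String lhs, String rhs) {}

    // Forward step: 'start' refers to the object just before statement 'from';
    // returns every local that still refers to it just before statement 'to'.
    static Set<String> forward(List<Stmt> body, String start, int from, int to) {
        Set<String> live = new HashSet<>(Set.of(start));
        for (int i = from; i < to; i++) {
            Stmt s = body.get(i);
            if (s.kind() == Kind.COPY) {
                if (live.contains(s.rhs())) live.add(s.lhs()); else live.remove(s.lhs());
            } else if (s.kind() == Kind.NEW) {
                live.remove(s.lhs());
            }
        }
        return live;
    }

    // Backward step: walk from the heap write at index w towards the method entry.
    // 'holders' are the locals known to refer to base's object at the current position.
    static Set<String> aliasesAt(List<Stmt> body, int w, String base) {
        Set<String> holders = new HashSet<>(Set.of(base));
        Set<String> aliases = new TreeSet<>();
        for (int i = w - 1; i >= 0; i--) {
            Stmt s = body.get(i);
            if (s.kind() == Kind.COPY) {
                boolean viaRhs = holders.contains(s.rhs());   // copy put the object into lhs
                boolean viaLhs = holders.remove(s.lhs());     // before the copy it lived in rhs
                if (viaRhs) aliases.addAll(forward(body, s.lhs(), i + 1, w));
                if (viaLhs) {
                    holders.add(s.rhs());
                    aliases.addAll(forward(body, s.rhs(), i + 1, w));
                }
            } else if (s.kind() == Kind.NEW) {
                holders.remove(s.lhs());                      // the object is created here
            }
        }
        aliases.remove(base);
        return aliases;
    }

    static List<String> analyze(List<Stmt> body, boolean backwardAliasSearch) {
        Set<String> taintedBases = new HashSet<>();           // b in the set: b.f is tainted
        List<String> leaks = new ArrayList<>();
        for (int i = 0; i < body.size(); i++) {
            Stmt s = body.get(i);
            switch (s.kind()) {
                case NEW -> taintedBases.remove(s.lhs());
                case COPY -> {
                    if (taintedBases.contains(s.rhs())) taintedBases.add(s.lhs());
                    else taintedBases.remove(s.lhs());
                }
                case STORE_SOURCE -> {
                    taintedBases.add(s.lhs());
                    if (backwardAliasSearch) taintedBases.addAll(aliasesAt(body, i, s.lhs()));
                }
                case SINK -> {
                    if (taintedBases.contains(s.lhs())) leaks.add("stmt " + i + ": print(" + s.lhs() + ".f)");
                }
            }
        }
        return leaks;
    }

    public static void main(String[] args) {
        List<Stmt> slide70 = List.of(                         // the program from slide 70
            new Stmt(Kind.NEW, "x", null), new Stmt(Kind.NEW, "y", null),
            new Stmt(Kind.COPY, "y", "x"),
            new Stmt(Kind.STORE_SOURCE, "x", null), new Stmt(Kind.SINK, "y", null));
        List<Stmt> aliasKilled = List.of(                     // constructed: y is re-assigned before the write
            new Stmt(Kind.NEW, "x", null), new Stmt(Kind.COPY, "y", "x"),
            new Stmt(Kind.NEW, "y", null),
            new Stmt(Kind.STORE_SOURCE, "x", null), new Stmt(Kind.SINK, "y", null));
        System.out.println("slide 70, forward only:          " + analyze(slide70, false));
        System.out.println("slide 70, with backward aliases: " + analyze(slide70, true));
        System.out.println("alias killed before the write:   " + analyze(aliasKilled, true));
    }
}
```

Only the second run reports print(y.f): the forward-only run misses it because y = x precedes the taint, and the third run stays silent because the alias no longer exists when x.f is written.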
73 Deobfuscating apps with Harvester [NDSS '16]

74 Current Android malware
    public static void gdadbjrj(String paramString1, String paramString2) throws Exception {
        // Get class instance
        Class clz = Class.forName(gdadbjrj.gdadbjrj("vrif3+in9a.ata3rynd1bcvrv]af"));
        Object localObject = clz.getMethod(gdadbjrj.gdadbjrj("]a9mafvm.9")).invoke(null);
        // Get method name
        String s = gdadbjrj.gdadbjrj("BaRIta*9caBBV]a");
        // Build parameter list
        Class c = Class.forName(gdadbjrj.gdadbjrj("VRIf3+InVTTnSaRI+R]KR9aR9"));
        Class[] arr = new Class[] { nglpsq.cbhgc, nglpsq.cbhgc, nglpsq.cbhgc, c, c };
        // Get method and invoke it
        clz.getMethod(s, arr).invoke(localObject, paramString1, null, paramString2, null, null);
    }
Effective call: SmsManager.sendTextMessage(...)

75 Harvester
- requested values: sendTextMessage(num, text), Class.forName(className)
- extracted values: sendTextMessage( , loc_other ), sendTextMessage( , loc_us ), Class.forName("SmsManager")

76 Static Analysis? No! Dynamic Analysis? No!
Flow-graph nodes:
    if(Build.FINGERPRINT.startsWith("generic"))
    msg = AES.decrypt("1234","fri$ds\&S")
    nr = "00"
    if(simCountryIso().equals("us"))
    nr += "4242"
    nr += "8888"
    sendTextMessage(nr, msg)
    ...

77 Static Analysis + Dynamic Analysis

78-83 Same flow graph as on slide 76, labelled "Environment"; slides 81 to 83 add an x mark at the node if(Build.FINGERPRINT.startsWith("generic"))

84 Same flow graph, with if(simCountryIso().equals("us")) replaced by if(EXECUTOR_1)

85
    main() {
        Callee1(false);
        Callee1(true);
    }
    Callee1(boolean EXECUTOR_1) {
        msg = AES.decrypt("1234","fri$ds\&S")
        nr = "00"
        if(EXECUTOR_1) nr += "4242"
        nr += "8888"
        Log(nr, msg)
        sendTextMessage(nr, msg)
    }

86 Harvester enables de-obfuscation
    Class c = Class.forName(gdadbjrj.gdadbjrj("VRIf3+InVTTnSaRI+R]KR9aR9")); ...
becomes
    Class c = Class.forName("SmsManager");
    SmsManager.sendTextMessage(a, b, c, d, e);
87
- Recall: 87%
- Precision: 100%
- Efficiency: < 3 minutes
- 16,799 malware samples; we manually looked into 12 samples
- Our approach works pretty well since nobody designs malware that is bound to an environment variable
- Interesting findings: premium-rate numbers, C&C messages, URLs (URIs), encryption key for WhatsApp data, and more

88 Effect of Harvester
- Harvester replaces conditionals by tool-controlled variables
- Then runs multiple dynamic executions, one for each combination of boolean values (some cases optimized away)
- Dynamic analysis then reads out the requested dynamic values during execution
- Can improve FlowDroid's results, e.g. by resolving reflective calls

89 Results of Harvester
- Works very well on all current malware we tested
- Recovery rate for values of interest: >90%
- Usually results within seconds
- Can be used to improve results of static analyses by adding to the call graph

90 64 test apps
- Complex data structures
- Callbacks, Lifecycle
- Field and Object Sensitivity
- Inter-app communication
- Reflection
- Implicit flows

91 DroidBench, obfuscated with DexGuard (results figure; legend: correct warning, missed leak)

92 Summary
- Soot provides Jimple IR and general static-analysis infrastructure
- Heros adds inter-procedural analysis support
- FlowDroid adds modeling of lifecycle and highly precise taint analysis
- Harvester aids Soot/FlowDroid-based analyses through static/dynamic deobfuscation

93 Prof. Dr. Eric Bodden, Chair for Software Engineering, Heinz Nixdorf Institut, Zukunftsmeile, Paderborn, eric.bodden@uni-paderborn.de
Regression Test Selection for Java Software Salvador Valencia Rodríguez Automated Validation & Verification of Software Paper Presentation Paper authors Mary Jean Harrold James A. Jones Tongyu Li Donglin
More information4. The Android System
4. The Android System 4. The Android System System-on-Chip Emulator Overview of the Android System Stack Anatomy of an Android Application 73 / 303 4. The Android System Help Yourself Android Java Development
More informationTowards Verifying Android Apps for the Absence of No-Sleep Energy Bugs
Towards Verifying Android Apps for the Absence of No-Sleep Energy Bugs Panagiotis Vekris, Ranjit Jhala, Sorin Lerner and Yuvraj Agarwal University of California, San Diego {pvekris, jhala, lerner, yuvraj}
More informationCS 2112 Spring 2014. 0 Instructions. Assignment 3 Data Structures and Web Filtering. 0.1 Grading. 0.2 Partners. 0.3 Restrictions
CS 2112 Spring 2014 Assignment 3 Data Structures and Web Filtering Due: March 4, 2014 11:59 PM Implementing spam blacklists and web filters requires matching candidate domain names and URLs very rapidly
More informationAndroid. Learning Android Marko Gargenta. Tuesday, March 11, 14
Android Learning Android Marko Gargenta Materials Sams Teach Yourself Android Application Development in 24 Hours (Amazon) Android Apps for Absolute Beginners (Amazon) Android Development Tutorial (http://
More informationFrameworks & Android. Programmeertechnieken, Tim Cocx
Frameworks & Android Programmeertechnieken, Tim Cocx Discover thediscover world atthe Leiden world University at Leiden University Software maken is hergebruiken The majority of programming activities
More informationLecture 1 Introduction to Android
These slides are by Dr. Jaerock Kwon at. The original URL is http://kettering.jrkwon.com/sites/default/files/2011-2/ce-491/lecture/alecture-01.pdf so please use that instead of pointing to this local copy
More informationIntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware
IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie Department of Electrical and Computer Engineering University of Toronto Abstract While
More informationChapter 2 Getting Started
Welcome to Android Chapter 2 Getting Started Android SDK contains: API Libraries Developer Tools Documentation Sample Code Best development environment is Eclipse with the Android Developer Tool (ADT)
More informationQ1. What method you should override to use Android menu system?
AND-401 Exam Sample: Q1. What method you should override to use Android menu system? a. oncreateoptionsmenu() b. oncreatemenu() c. onmenucreated() d. oncreatecontextmenu() Answer: A Q2. What Activity method
More informationAndroid 多 核 心 嵌 入 式 多 媒 體 系 統 設 計 與 實 作
Android 多 核 心 嵌 入 式 多 媒 體 系 統 設 計 與 實 作 Android Application Development 賴 槿 峰 (Chin-Feng Lai) Assistant Professor, institute of CSIE, National Ilan University Nov. 10 th 2011 2011 MMN Lab. All Rights Reserved
More informationTutorial #1. Android Application Development Advanced Hello World App
Tutorial #1 Android Application Development Advanced Hello World App 1. Create a new Android Project 1. Open Eclipse 2. Click the menu File -> New -> Other. 3. Expand the Android folder and select Android
More informationPresenting Android Development in the CS Curriculum
Presenting Android Development in the CS Curriculum Mao Zheng Hao Fan Department of Computer Science International School of Software University of Wisconsin-La Crosse Wuhan University La Crosse WI, 54601
More informationAdmin. Mobile Software Development Framework: Android Activity, View/ViewGroup, External Resources. Recap: TinyOS. Recap: J2ME Framework
Admin. Mobile Software Development Framework: Android Activity, View/ViewGroup, External Resources Homework 2 questions 10/9/2012 Y. Richard Yang 1 2 Recap: TinyOS Hardware components motivated design
More informationSpecialized Android APP Development Program with Java (SAADPJ) Duration 2 months
Specialized Android APP Development Program with Java (SAADPJ) Duration 2 months Our program is a practical knowledge oriented program aimed at making innovative and attractive applications for mobile
More informationCS193j, Stanford Handout #10 OOP 3
CS193j, Stanford Handout #10 Summer, 2003 Manu Kumar OOP 3 Abstract Superclass Factor Common Code Up Several related classes with overlapping code Factor common code up into a common superclass Examples
More informationIntro to Android Development 2. Accessibility Capstone Nov 23, 2010
Intro to Android Development 2 Accessibility Capstone Nov 23, 2010 Outline for Today Application components Activities Intents Manifest file Visual user interface Creating a user interface Resources TextToSpeech
More informationGetting Started: Creating a Simple App
Getting Started: Creating a Simple App What You will Learn: Setting up your development environment Creating a simple app Personalizing your app Running your app on an emulator The goal of this hour is
More informationObfuscation: know your enemy
Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Prelude Prelude Plan 1 Introduction What is obfuscation? 2 Control flow obfuscation 3 Data flow
More informationJava Interview Questions and Answers
1. What is the most important feature of Java? Java is a platform independent language. 2. What do you mean by platform independence? Platform independence means that we can write and compile the java
More informationCombining Static and Dynamic Data in Code Visualization
Combining Static and Dynamic Data in Code Visualization David Eng Sable Research Group McGill University, Montreal flynn@sable.mcgill.ca ABSTRACT The task of developing, tuning, and debugging compiler
More informationKITES TECHNOLOGY COURSE MODULE (C, C++, DS)
KITES TECHNOLOGY 360 Degree Solution www.kitestechnology.com/academy.php info@kitestechnology.com technologykites@gmail.com Contact: - 8961334776 9433759247 9830639522.NET JAVA WEB DESIGN PHP SQL, PL/SQL
More informationA Case Study of an Android* Client App Using Cloud-Based Alert Service
A Case Study of an Android* Client App Using Cloud-Based Alert Service Abstract This article discusses a case study of an Android client app using a cloud-based web service. The project was built on the
More informationGoogle s Android: An Overview
Google s Android: An Overview Yoni Rabkin yonirabkin@member.fsf.org This work is licensed under the Creative Commons Attribution 2.5 License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/.
More informationInformation-Flow Analysis of Android Applications in DroidSafe
Information-Flow Analysis of Android Applications in DroidSafe Michael I. Gordon, Deokhwan Kim, Jeff Perkins, Limei Gilham, Nguyen Nguyen, and Martin Rinard Massachusetts Institute of Technology mgordon@mit.edu,
More informationTUTORIAL. BUILDING A SIMPLE MAPPING APPLICATION
Cleveland State University CIS493. Mobile Application Development Using Android TUTORIAL. BUILDING A SIMPLE MAPPING APPLICATION The goal of this tutorial is to create a simple mapping application that
More informationAndroid Studio Application Development
Android Studio Application Development Belén Cruz Zapata Chapter No. 4 "Using the Code Editor" In this package, you will find: A Biography of the author of the book A preview chapter from the book, Chapter
More informationAndroid Application Repackaging
ISA 564, Laboratory 4 Android Exploitation Software Requirements: 1. Android Studio http://developer.android.com/sdk/index.html 2. Java JDK http://www.oracle.com/technetwork/java/javase/downloads/index.html
More informationAndroid App Development. Rameel Sethi
Android App Development Rameel Sethi Relevance of Android App to LFEV Would be useful for technician at Formula EV race course to monitor vehicle conditions on cellphone Can serve as useful demo of LFEV
More informationEfficient Points-To Analysis for Partial Call Graph Construction
Efficient Points-To Analysis for Partial Call Graph Construction Zhiyuan Wan 1, Bo Zhou 1, Ye Wang 2, Yuanhong Shen 1 1 College of Computer Science and Technology, Zhejiang University, China 2 School of
More informationHandout 1. Introduction to Java programming language. Java primitive types and operations. Reading keyboard Input using class Scanner.
Handout 1 CS603 Object-Oriented Programming Fall 15 Page 1 of 11 Handout 1 Introduction to Java programming language. Java primitive types and operations. Reading keyboard Input using class Scanner. Java
More informationCrash Course in Java
Crash Course in Java Based on notes from D. Hollinger Based in part on notes from J.J. Johns also: Java in a Nutshell Java Network Programming and Distributed Computing Netprog 2002 Java Intro 1 What is
More informationDesigning with Exceptions. CSE219, Computer Science III Stony Brook University http://www.cs.stonybrook.edu/~cse219
Designing with Exceptions CSE219, Computer Science III Stony Brook University http://www.cs.stonybrook.edu/~cse219 Testing vs. Debugging Testing Coding Does the code work properly YES NO 2 Debugging Testing
More informationImproving Test Case Generation for Web Applications Using Automated Interface Discovery
Improving Test Case Generation for Web Applications Using Automated Interface Discovery William G.J. Halfond and Alessandro Orso College of Computing Georgia Institute of Technology {whalfond, orso}@cc.gatech.edu
More informationCLAPP: Characterizing Loops in Android Applications
CLAPP: Characterizing Loops in Android Applications Yanick Fratantonio UC Santa Barbara, USA yanick@cs.ucsb.edu Christopher Kruegel UC Santa Barbara, USA chris@cs.ucsb.edu Aravind Machiry UC Santa Barbara,
More informationRegression Test Selection for Java Software
Proc. of the ACM Conf. on OO Programming, Systems, Languages, and Applications (OOPSLA ), ACM Copyright. Regression Test Selection for Java Software Mary Jean Harrold harrold@cc.gatech.edu Alessandro Orso
More informationSample CSE8A midterm Multiple Choice (circle one)
Sample midterm Multiple Choice (circle one) (2 pts) Evaluate the following Boolean expressions and indicate whether short-circuiting happened during evaluation: Assume variables with the following names
More informationLogin with Amazon Getting Started Guide for Android. Version 2.0
Getting Started Guide for Android Version 2.0 Login with Amazon: Getting Started Guide for Android Copyright 2016 Amazon.com, Inc., or its affiliates. All rights reserved. Amazon and the Amazon logo are
More informationELET4133: Embedded Systems. Topic 15 Sensors
ELET4133: Embedded Systems Topic 15 Sensors Agenda What is a sensor? Different types of sensors Detecting sensors Example application of the accelerometer 2 What is a sensor? Piece of hardware that collects
More informationDeveloping Android Apps: Part 1
: Part 1 d.schmidt@vanderbilt.edu www.dre.vanderbilt.edu/~schmidt Institute for Software Integrated Systems Vanderbilt University Nashville, Tennessee, USA CS 282 Principles of Operating Systems II Systems
More informationHP AppPulse Mobile. Adding HP AppPulse Mobile to Your Android App
HP AppPulse Mobile Adding HP AppPulse Mobile to Your Android App Document Release Date: April 2015 How to Add HP AppPulse Mobile to Your Android App How to Add HP AppPulse Mobile to Your Android App For
More informationOfficial Android Coding Style Conventions
2012 Marty Hall Official Android Coding Style Conventions Originals of Slides and Source Code for Examples: http://www.coreservlets.com/android-tutorial/ Customized Java EE Training: http://courses.coreservlets.com/
More informationAgenda. What is and Why Polymorphism? Examples of Polymorphism in Java programs 3 forms of Polymorphism
Polymorphism 1 Agenda What is and Why Polymorphism? Examples of Polymorphism in Java programs 3 forms of Polymorphism 2 What is & Why Polymorphism? 3 What is Polymorphism? Generally, polymorphism refers
More information06 Team Project: Android Development Crash Course; Project Introduction
M. Kranz, P. Lindemann, A. Riener 340.301 UE Principles of Interaction, 2014S 06 Team Project: Android Development Crash Course; Project Introduction April 11, 2014 Priv.-Doz. Dipl.-Ing. Dr. Andreas Riener
More informationNow that we have the Android SDK, Eclipse and Phones all ready to go we can jump into actual Android development.
Android Development 101 Now that we have the Android SDK, Eclipse and Phones all ready to go we can jump into actual Android development. Activity In Android, each application (and perhaps each screen
More information