Static Analysis for Android: GUIs, Callbacks, and Beyond
The widespread use of Android software presents exciting new challenges for program analysis researchers. Traditional static control-flow and data-flow analyses cannot be directly used for Android applications because the programs are framework-based and event-driven. This talk describes recent advances in solving important static analysis problems for Android and outlines several open questions for program analysis researchers in this area.
An Android application is driven by a graphical user interface (GUI), with GUI objects responding to user actions. These objects and the event handlers associated with them ultimately determine the possible flow of control and data. We developed the first static analysis to model GUI-related Android objects, their flow through the application, and their interactions with each other. Building on this work, we also developed a control-flow analysis of GUI-driven callbacks from the Android framework to the application code. The talk will describe these two analyses and their role as building blocks of a foundation for control-flow and data-flow analyses for Android. The rest of the talk will focus on open questions that present new opportunities for program analysis research in this increasingly important area.
Sun 14 JunDisplayed time zone: Tijuana, Baja California change
09:00 - 11:00 | |||
09:00 10mDay opening | Opening remarks SOAP | ||
09:10 50mTalk | Static Analysis for Android: GUIs, Callbacks, and Beyond SOAP | ||
10:00 20mTalk | Using Targeted Symbolic Execution for Reducing False-Positives in Dataflow Analysis SOAP | ||
10:20 20mTalk | Design Your Analysis: A Case Study on Implementation Reusability of Data-Flow Functions SOAP | ||
10:40 20mTalk | Combining Type-Analysis with Points-To Analysis for Analyzing Java Library Source-Code SOAP |