MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies

Li Li; Tegawende Bissyande; Jacques Klein

doi:10.1109/ISSRE.2018.00031

MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies

Li Li
, Tegawende Bissyande
, Jacques Klein

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

24 Scopus citations

Abstract

In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.

Original language	English
Title of host publication	Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018
Editors	Sudipto Ghosh, Bojan Cukic, Robin Poston, Roberto Natella, Nuno Laranjeiro
Publisher	IEEE Computer Society
Pages	212-223
Number of pages	12
ISBN (Electronic)	9781538683217
DOIs	https://doi.org/10.1109/ISSRE.2018.00031
State	Published - 16 Nov 2018
Externally published	Yes
Event	29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018 - Memphis, United States Duration: 15 Oct 2018 → 18 Oct 2018

Publication series

Name	Proceedings - International Symposium on Software Reliability Engineering, ISSRE
Volume	2018-October
ISSN (Print)	1071-9458

Conference

Conference	29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018
Country/Territory	United States
City	Memphis
Period	15/10/18 → 18/10/18

Keywords

Android
API History
MoonlightBox
Release time Inconsistency

Access to Document

10.1109/ISSRE.2018.00031

Cite this

Li, L., Bissyande, T., & Klein, J. (2018). MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies. In S. Ghosh, B. Cukic, R. Poston, R. Natella, & N. Laranjeiro (Eds.), Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018 (pp. 212-223). Article 8539083 (Proceedings - International Symposium on Software Reliability Engineering, ISSRE; Vol. 2018-October). IEEE Computer Society. https://doi.org/10.1109/ISSRE.2018.00031

Li, Li ; Bissyande, Tegawende ; Klein, Jacques. / MoonlightBox : Mining Android API Histories for Uncovering Release-Time Inconsistencies. Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018. editor / Sudipto Ghosh ; Bojan Cukic ; Robin Poston ; Roberto Natella ; Nuno Laranjeiro. IEEE Computer Society, 2018. pp. 212-223 (Proceedings - International Symposium on Software Reliability Engineering, ISSRE).

@inproceedings{a57c08f01d1d448093183ac5b45a252c,

title = "MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies",

abstract = "In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7\% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.",

keywords = "Android, API History, MoonlightBox, Release time Inconsistency",

author = "Li Li and Tegawende Bissyande and Jacques Klein",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018 ; Conference date: 15-10-2018 Through 18-10-2018",

year = "2018",

month = nov,

day = "16",

doi = "10.1109/ISSRE.2018.00031",

language = "英语",

series = "Proceedings - International Symposium on Software Reliability Engineering, ISSRE",

publisher = "IEEE Computer Society",

pages = "212--223",

editor = "Sudipto Ghosh and Bojan Cukic and Robin Poston and Roberto Natella and Nuno Laranjeiro",

booktitle = "Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018",

address = "美国",

}

Li, L, Bissyande, T & Klein, J 2018, MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies. in S Ghosh, B Cukic, R Poston, R Natella & N Laranjeiro (eds), Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018., 8539083, Proceedings - International Symposium on Software Reliability Engineering, ISSRE, vol. 2018-October, IEEE Computer Society, pp. 212-223, 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018, Memphis, United States, 15/10/18. https://doi.org/10.1109/ISSRE.2018.00031

MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies. / Li, Li; Bissyande, Tegawende; Klein, Jacques.
Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018. ed. / Sudipto Ghosh; Bojan Cukic; Robin Poston; Roberto Natella; Nuno Laranjeiro. IEEE Computer Society, 2018. p. 212-223 8539083 (Proceedings - International Symposium on Software Reliability Engineering, ISSRE; Vol. 2018-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - MoonlightBox

T2 - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018

AU - Li, Li

AU - Bissyande, Tegawende

AU - Klein, Jacques

PY - 2018/11/16

Y1 - 2018/11/16

N2 - In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.

AB - In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.

KW - Android

KW - API History

KW - MoonlightBox

KW - Release time Inconsistency

UR - https://www.scopus.com/pages/publications/85059608986

U2 - 10.1109/ISSRE.2018.00031

DO - 10.1109/ISSRE.2018.00031

M3 - 会议稿件

AN - SCOPUS:85059608986

T3 - Proceedings - International Symposium on Software Reliability Engineering, ISSRE

SP - 212

EP - 223

BT - Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018

A2 - Ghosh, Sudipto

A2 - Cukic, Bojan

A2 - Poston, Robin

A2 - Natella, Roberto

A2 - Laranjeiro, Nuno

PB - IEEE Computer Society

Y2 - 15 October 2018 through 18 October 2018

ER -

Li L, Bissyande T, Klein J. MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies. In Ghosh S, Cukic B, Poston R, Natella R, Laranjeiro N, editors, Proceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018. IEEE Computer Society. 2018. p. 212-223. 8539083. (Proceedings - International Symposium on Software Reliability Engineering, ISSRE). doi: 10.1109/ISSRE.2018.00031

MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this