基于控件路径的跨设备UI自动化测试方法

随着移动应用的爆炸式增长,如何高效、正确地进行UI自动化测试成为了一个重要问题.传统自动化方法大多需手动编写测试脚本,自动化程度更高的录制回放方法则普遍具有跨设备能力不足的问题,而且现有断言机制已经不足以描述丰富的UI语义.针对上述问题,本文提出一种跨设备能力强且可以描述丰富UI语义的录制回放自动化测试方法.该方法使用控件路径精确定位控件,并结合跨设备UI自适应方法以提高跨设备能力;通过提出两种新的断言机制以支持与数字排序和图片相关的UI语义.在该方法基础上,本文面向Android和iOS应用程序实现了一种自动化测试框架RRF,实验结果表明RRF的回放成功率比其他自动化测试工具更高.     

基于hook机制的android自动化脚本录制回放框架的设计与实现

本文首先分析了当前Android应用测试以及Android自动化测试出现的背景以及需求。其次,本文介绍了传统的官方给出的Anroid自动化测试框架的基本原理及其测试方法。在此基础上,本文分析了Android自动化测试过程中测试脚本录制以及回放的必要性,然后分析传统自动化测试框架的不足之处,提出了基于hook机制的android自动化脚本录制回放框架的设计以及实现方案,改善Android自动化测试的效率,提高Android应用开发效率。最后,分析本框架的有点以及其不足之处,对全文做了总结。     

一种手绘制导的移动应用界面测试方法

软件测试在提高移动应用的安全性和可靠性方面扮演着重要角色.然而,目前主流的移动应用界面测试技术存在着许多不足：人工编写脚本和录制回放技术需要消耗大量的人力成本,自动化测试在移动应用界面测试的应用场景上受到了诸多限制.针对这些问题,提出一种基于手绘制导的移动应用界面测试方法.该方法通过设计一种简单直观且具有较强表达能力的手绘语言来帮助测试者轻松表达其测试意图,测试者仅需在待测应用的界面图像上做简单绘制,就能生成对应的测试模型,并以此为基础生成界面测试所需的测试用例.以近年来在相关文献中已经用作移动应用界面测试的评估用例集为基准来评估该方法的测试效果.评估结果表明：在提供很少人力成本的条件下,手绘图形所表达的用户测试意图在制导移动应用界面测试上能起到非常关键的作用.     

基于深度相机的三维空间测试脚本录制方法与工具

现有移动触屏设备可视化脚本录制工具大多是侵入式的,不适用于非常见系统以及系统封闭的设备,而少有的非侵入式的录制工具只支持屏幕能平放在桌面上的设备。因而提出了一种三维空间中基于深度相机的新型触屏设备可视化测试脚本自动录制方法和工具。该技术将记录手工测试操作的视频文件转化为表达动作类型和操作参数的可视化测试脚本。在不同实验环境下不同应用上的案例及其实验结果表明该方法具有一定的可视化脚本录制成功率,具有使用价值。     

基于GUI事件的安卓应用录制重放关键技术综述

基于GUI事件的安卓应用录制重放技术致力于以自动化的方式捕捉和回放人类和移动应用的交互轨迹,达到降低测试成本、提高测试用例复用率的目的. 录制重放技术面临的挑战来源于应用、版本和设备3个维度.试图从人类录制重放的角度, 将录制重放建模为一个搜索问题, 并提出模拟人类录制重放行为的通用框架. 框架包含3部分: 组件表示与...     

一种基于Android平台GUI录制回放工具的设计与实现

随着移动应用软件复杂性不断提高,高效的测试技术和工具逐渐成为高质量移动应用的必要保证。基于录制-回放技术提出一种Google Android平台上移动应用的自动化测试解决方案,并实现了一个黑盒测试工具。通过举例描述系统录制测试用例、生成脚本并回放的过程,详细分析了GUI自动化测试工具录制-回放模块关键技术的设计与实现。该GUI测试工具主要应用于回归测试阶段,能够提高测试效率。     

基于用户会话的Web应用性能测试方法的研究

近年来,Web应用成为互联网时代基础设施中最重要的组成部分。随着互联网技术的不断进步以及使用用户数量的不断增长,Web应用也越发变得复杂。为了保证Web应用性能测试的有效性和真实性,提出一种利用服务器日志中的用户会话信息、结合经过序列匹配算法改进的层次凝聚算法来自动产生Web应用性能测试脚本的方法。提出的方法通过从服务器日志中提取出用户会话信息,分析用户真实的访问模式,通过聚类算法将同类型的用户访问模式进行聚集,自动产生相应的测试请求序列,生成测试集。相比于传统的基于录制/回访的测试方法,基于用户会话的性能测试方法通过对用户会话进行聚类分析,还原实际的用户访问模式,减少了设计测试用例时的人工参与,保证了测试结果的有效性和真实性。     

Android应用录制与回放工具设计

智能手机以及平板凭借其便捷的丰富的输入功能越来越受到用户的欢迎,但是它们丰富的输入功能增加了测试的复杂性.现有的基于GUI级别的录制与回放工具满足不了Android应用程序可以从设备上的各种传感器获取输入,识别GUI手势以及一些对时间有精确要求的录制和回放需求.本文设计并且实现了一个工具：RARA.RARA可通过直接捕获手机底层的GUI事件以及传感器事件进行应用的录制,并且以微秒时间精度回放.最后通过实验验证了：（1） RARA录制与回放功能是有效的;（2）回放的时间开销只有1%左右,不会对宿主APP的性能产生影响;（3）通过RARA的录制回放功能,可在多款应用程序的测试中重现应用Bug.     

基于静态分析的Android GUI遍历方法

针对传统软件安全测试方法（例如：符号执行、模糊测试、污点分析等）无法获得较高的Android程序图形用户界面（GUI）覆盖率的问题,提出动态和静态相结合的Android程序测试方法。该方法在静态分析Android应用程序数据流的基础之上,构建程序活动转换图和函数调用图,解析程序GUI元素,进而编写测试脚本动态遍历应用程序GUI元素。将该方法应用于订票日历、WiFi万能钥匙和360天气应用的实际测试,结果表明：Activity的平均覆盖率达到76%,明显高于人工测试的平均值30.08%和基于控件树遍历的42.05%~61.29%,该方法能够有效遍历Android应用程序GUI元素。     

基于模型驱动的功能测试平台研究

研究了基于模型驱动方式自动产生数据用例的功能测试平台,研究测试模型的建立,提出了基于Windows GUI环境下该功能测试的体系结构,分析了其中的测试脚本开发平台,设计并实现了一种基于模型驱动的功能测试的动作捕获与回放技术的原型工具,该工具能生成测试脚本,并能通过运行录制下的测试脚本动态回归测试基于图形用户接口程序,实际应用系统的测试效果验证了该工具的有效性.     

面向安卓应用建模的IFML扩展

随着智能机以及平板电脑的普及,安卓应用逐渐成为日常生活中不可或缺的重要元素之一,其复杂度也呈几何倍数增长.安卓平台存在的多设备类型、多操作系统版本问题,使得应用的设计和开发更为复杂.在这一现状下,提倡在安卓应用开发中使用模型来描述其开发需求与设计,以帮助开发人员更好地将注意力集中于应用,加深对开发意图的理解,更好地进行后续的开发工作.然而,当前对安卓应用的建模都采用了传统模型,无法满足安卓应用事件驱动和注重图形用户界面的特点.为此,将注重前端展示以及事件交互的交互流建模语言（IFML）应用于安卓应用的建模,描述应用中的GUI结构以及其中工作流的传递,从而指导应用的开发工作.考虑到安卓平台的特点,对IFML进行了相应的面向安卓的扩展,提高了其可用性与对安卓应用的适用性,并对IFML模型进行了形式化定义,使得IFML模型能以丰富而又精确的语义来刻画开发者对于安卓应用的设计,并在应用的实现和演化中不断发挥指导作用.另外,进一步探索了IFML模型在应用测试这一场景中的作用.基于模型的测试方法能够检验设计和实现的一致性,还能在应用的演化过程中避免测试用例的重复编写.在案例研究中,针对5个安卓应用进行了IFML建模与测试.实验结果表明,扩展后的IFML在安卓应用的建模上可行、有效,所建立的IFML模型可直接用于测试工作,用于检测应用实现与设计是否保持一致,从而保证应用的开发质量.     

Component-based permission management of Android applications

Most Android applications include third-party libraries (3PLs) to make revenues, to facilitate their development, and to track user behaviors. 3PLs generally require specific permissions to realize their functionalities. Current Android systems manage permissions in app (process) granularity. As a result, the permission sets of apps with 3PLs (3PL-apps) may be augmented, introducing overprivilege risks. In this paper, we firstly study how severe the problem is by analyzing the permission sets of 27 718 real-world Android apps with and without 3PLs downloaded in both 2016 and 2017. We find that the usage of 3PLs and the permissions required by 3PL-apps have increased over time. As a result, the possibility of overprivilege risks increases. We then propose Perman, a fine-grained permission management mechanism for Android. Perman isolates the permissions of the host app and those of the 3PLs through dynamic code instrumentation. It allows users to manage permission requests of different modules of 3PL-apps during app runtime. Unlike existing tools, Perman does not need to redesign Android apps and systems. Therefore, it can be applied to millions of existing apps and various Android devices. We conduct experiments to evaluate the effectiveness and efficiency of Perman. The experimental results verify that Perman is capable of managing permission requests of the host app and those of the 3PLs. We also confirm that the overhead introduced by Perman is comparable to that by existing commercial permission management tools.     

Studying the consistency of star ratings and the complaints in 1 & 2-star user reviews for top free cross-platform Android and iOS apps

How users rate a mobile app via star ratings and user reviews is of utmost importance for the success of an app. Recent studies and surveys show that users rely heavily on star ratings and user reviews that are provided by other users, for deciding which app to download. However, understanding star ratings and user reviews is a complicated matter, since they are influenced by many factors such as the actual quality of the app and how the user perceives such quality relative to their expectations, which are in turn influenced by their prior experiences and expectations relative to other apps on the platform (e.g., iOS versus Android). Nevertheless, star ratings and user reviews provide developers with valuable information for improving the overall impression of their app. In an effort to expand their revenue and reach more users, app developers commonly build cross-platform apps, i.e., apps that are available on multiple platforms. As star ratings and user reviews are of such importance in the mobile app industry, it is essential for developers of cross-platform apps to maintain a consistent level of star ratings and user reviews for their apps across the various platforms on which they are available. In this paper, we investigate whether cross-platform apps achieve a consistent level of star ratings and user reviews. We manually identify 19 cross-platform apps and conduct an empirical study on their star ratings and user reviews. By manually tagging 9,902 1 & 2-star reviews of the studied cross-platform apps, we discover that the distribution of the frequency of complaint types varies across platforms. Finally, we study the negative impact ratio of complaint types and find that for some apps, users have higher expectations on one platform. All our proposed techniques and our methodologies are generic and can be used for any app. Our findings show that at least 79% of the studied cross-platform apps do not have consistent star ratings, which suggests that different quality assurance efforts need to be considered by developers for the different platforms that they wish to support.     

基于测试例生成的Android应用数据竞争验证方法

Android应用是一种事件驱动的并发程序。后台线程与异步事件执行顺序的不确定,导致数据竞争在Android应用中普遍存在。现有的针对Android应用的竞争检测工具会产生大量误报,且不能确定地重现竞争。针对以上问题,在现有的竞争检测结果的基础上,提出了一种基于测试用例生成的Android应用数据竞争验证方法。该方法首先构建应用的状态转化图,并基于状态转化图和现有竞争检测工具的检测结果自动生成包含潜在数据竞争的测试用例,然后在测试用例执行的过程中通过控制事件分发和线程的执行顺序来暴露竞争,观察竞争是否会引起程序异常。实验结果表明,该方法能有效地重现数据竞争引起的并发错误,并指出检测结果中的误报。     

Forensic taxonomy of android productivity apps

Android productivity apps have provided the facility of having a constantly accessible and productive workforce to the information and work capabilities needed by the users. With hundreds of productivity apps available in the Android app market, it is necessary to develop a taxonomy for the forensic investigators and the end users to allow them to know what personal data remnants are available from the productivity apps. In this paper, 30 popular Android productivity apps were examined. A logical extraction of the Android phone was collected by using a well-known mobile forensic tool- XRY to extract various information of forensic interest such as user email ID and list of tasks. Based on the findings, a two-dimensional taxonomy of the forensic artefacts of the productivity apps is proposed with the app categories in one dimension and the classes of artefacts in the other dimension. The artefacts identified in the study of the apps are summarised using the taxonomy. In addition, a comparison with the existing forensic taxonomies of different categories of Android apps is provided to facilitate timely collection and analysis of evidentiary materials from mobile devices.     

A study of the relation of mobile device attributes with the user-perceived quality of Android apps

The number of mobile applications (apps) and mobile devices has increased considerably over the past few years. Online app markets, such as the Google Play Store, use a star-rating mechanism to quantify the user-perceived quality of mobile apps. Users may rate apps on a five point (star) scale where a five star-rating is the highest rating. Having considered the importance of a high star-rating to the success of an app, recent studies continue to explore the relationship between the app attributes, such as User Interface (UI) complexity, and the user-perceived quality. However, the user-perceived quality reflects the users’ experience using an app on a particular mobile device. Hence, the user-perceived quality of an app is not solely determined by app attributes. In this paper, we study the relation of both device attributes and app attributes with the user-perceived quality of Android apps from the Google Play Store. We study 20 device attributes, such as the CPU and the display size, and 13 app attributes, such as code size and UI complexity. Our study is based on data from 30 types of Android mobile devices and 280 Android apps. We use linear mixed effect models to identify the device attributes and app attributes with the strongest relationship with the user-perceived quality. We find that the code size has the strongest relationship with the user-perceived quality. However, some device attributes, such as the CPU, have stronger relationships with the user-perceived quality than some app attributes, such as the number of UI inputs and outputs of an app. Our work helps both device manufacturers and app developers. Manufacturers can focus on the attributes that have significant relationships with the user-perceived quality. Moreover, app developers should be careful about the devices for which they make their apps available because the device attributes have a strong relationship with the ratings that users give to apps.     

Android应用中Exported Activity测试途径研究

Android系统提供了多种应用间交互机制,其中开放活动（Exported Activity,EA）不需要复杂的跨进程交互就可以被其他应用在运行时调用.现在很多研究主要关注GUI组件的功能性测试,但是在Android应用本身往往不会启动内部的开放活动,所以开放活动有时候很难被覆盖到.本文提出了一种系统化测试开放活动的方法,使用该方法可以生成一组代理应用作为测试驱动程序启动应用中的开放活动.首先,使用静态分析技术解析APK文件,提取出开放活动列表和启动它们需要数据的键值和类型;其次,将相应的数据填充到预先设置好的模板中,生成测试驱动应用.本文基于提出的测试方法开发了一款原型工具——EASTER,使用一些真实的应用进行了实验.实验结果显示,所有测试应用共有65个开放活动,其中有20个开放活动在被外部应用启动过程中存在漏洞.     

Automated generation of colluding apps for experimental research

Colluding apps bypass the security measures enforced by sandboxed operating systems such as Android. App collusion can be a real threat in cloud environments as well. Research in detecting and protecting against app collusion requires a variety of colluding apps for experimentation. Presently the number of (real or manually crafted) apps available to researchers is very limited. In this paper we propose a system called Application Collusion Engine (ACE) to automatically generate combinations of colluding and non-colluding Android apps to help researchers fairly evaluate different collusion detection and protection methods. Our initial implementation includes a variety of components that enable the system to create more than 5,000 different colluding and non-colluding app sets. ACE can be extended with more functional components to create even more colluding apps. To show the usefulness of our system, we have applied different risk evaluation and collusion detection methods to the created set of colluding apps.     

Android mobile VoIP apps: a survey and examination of their security and privacy

Voice over Internet Protocol (VoIP) has become increasingly popular among individuals and business organisations, with millions of users communicating using VoIP applications (apps) on their smart mobile devices. Since Android is one of the most popular mobile platforms, this research focuses on Android devices. In this paper we survey the research that examines the security and privacy of mVoIP published in English from January 2009 to January 2014. We also examine the ten most popular free mVoIP apps for Android devices, and analyse the communications to determine whether the voice and text communications using these mVoIP apps are encrypted. The results indicate that most of the apps encrypt text communications, but voice communications may not have been encrypted in Fring, ICQ, Tango, Viber, Vonage, WeChat and Yahoo. The findings described in this paper contribute to an in-depth understanding of the potential privacy risks inherent in the communications using these apps, a previously understudied app category. Six potential research topics are also outlined.