Summarizing Control Flow of Callbacks for Android API Methods

Ensuring the reliability and security of Android apps is important considering the large Android market and the critical usage of Android apps. To analyze and test Android apps, we need to know program paths, i.e., the control flow of callbacks implemented in the apps. One of the challenges to identify such information is the extensive use of the Android API methods in the apps. These methods can invoke multiple callbacks, and the control flow of these callbacks is context-sensitive in that different callback sequences may be invoked at different API call sites. To address the challenge, in this paper, we design a summary representation for an Android API method that aims to capture the control flow of callbacks in the API methods as well as the conditions under which the callbacks are invoked. We developed a static demand-driven analysis to automatically generate such summaries. To show the usefulness of the summaries, we construct the apps’ control flow graphs (CFGs) and apply infeasible path detection on the CFGs. Our experiments show that we are able to generate the API summaries that are compact and reusable, and by replacing the API calls with the summaries we generated, we obtained the apps’ CFGs with paths up to 10 callbacks for a set of Android apps under study. Comparing to the dynamic traces generated, we verified that such paths contain valid callback sequences. The API summaries and the CFGs of the apps computed for this work are all available at: http: //www.cs.iastate.edu/~weile/research/lithium.html