-
eclipse (for staticAnalysis)
-
AndroidStudio (for dynamicAnalysis)
-
Mysql (5.6<version <8.0)
-
Android emulator (version >=6.0)
-
Android SDK
-
Import staticAnalysis into eclipse.The dependence jars files are in the "libs_soot" and "libs_flowdroid" folders.
-
Create a database named 'STG' in Mysql. Import the given three MySQL files (in the folder MySQL files) into the database 'STG'. Open src/mySql/DBUtil.java in static analysis module, and set the values of these two variables: 'USERNAME','PASSWORD'.
-
Open "src/zzg.staticanalysis/Main.java".
3.1 Set the values of these three variables: 'apk path','apk name',and 'androidPlaformLocation'.
3.2 Run "Main.java". This step takes about one minute.
1.Import dynamicAnalysis into AndroidStudio.
2.Connect to Android emulator to install APK with “_resigned” suffix obtained after step 3.2. Then open the tested app.
3.Make sure your MySQL account has remote access rights. open src/androidTest/java/com/soal/PRBDroid/sqlUtils/DBUtil.java, and replace the IP address in the URL with your local IP address.
4.Open "PerDroid.java",and then run "testBFS12()" function.
5.When the forth step is executed, the dynamic explorer can be run again in the following two ways.
(1) Adb command line:
"adb shell am instrument -w -r -e debug false -e class 'com.soal.PRBDroid.PerDroid#testBFS12' com.soal.PRBDroid.test/androidx.test.runner.AndroidJUnitRunner".
(2)open "src/dynamic_Test_util/startMyDynamic.java" in static analysis module, to set the values of these three variables: 'apkname','pkgname',and 'outputLogDir'. Then you can run it. When this step is executed, you can get CoveragedAPI.txt and ErrorLog.txt in the output path. It will take about ten minutes.
This paper proposes an automatic testing method of permission association behavior, PermDroid, which is compared with three methods (monkey, ape, gesda) and three strategies (all and none, pairwise, empirical). These experimental results are analyzed based on the permission-related API invocation statement coverage rate (SCR), defect detection ability, and testing efficiency, which can demonstrate effectiveness and efficiency.
The apps used in our evaluation are available at: https://figshare.com/s/57a699e248cc58ee6460
This paper identifies all permission-related APIs calling statements and sets them as targets. Assume that the aggregate S represents the four-tuple information of all permission-related APIs call statements obtained during static analysis. By running the instrumented application, this paper collects the logs of the triggered API call statements through the monitor and uses it as a aggregate S’..
After running step 3.2 in Static Analysis Module, there will be APILocation.txt in the output path. This file will record the four-tuple information of all permission-related APIs call statements. We can get the aggregate S from this file. After running step 5.2 in Dynamic Analysis Module, there will be CoveragedAPI.txt in the output path, which records the triggered API call statement, from which the aggregate S’ can be obtained. Then we can calculate SCR and compare it with other tools. Higher SCR means higher effectiveness.
This paper analyzes and reproduces the discovered application defects through the output of PermDroid, including the logs output by the Error monitor and the Runtime monitor.
After running step 5.2 in Dynamic Analysis Module, there will be ErrorLog.txt in the output path, from which you can get the number of defects of this tested app and compare it with other tools. The higher the number of defects found, the more effective.
This paper records the final test time of the three comparison tools and PermDroid for comparison. The shorter the test time, the more efficient.