Aladdin: Automating Release of Deep-Link APIs on Android.

WWW '18: The Web Conference 2018 Lyon France April, 2018, pp. 1469-1478, 2018.

被引用5|浏览38
EI
微博一下
We have presented an empirical study of deep links on 25,000 Android apps and proposed the Aladdin approach to help developers automatically release deep-link APIs

摘要

Compared to the Web where each web page has a global URL for external access, a specific 'page' inside a mobile app cannot be easily accessed unless the user performs several steps from the landing page of this app. Recently, the concept of 'deep link' is expected to be a promising solution and has been advocated by major service provider...更多

代码

数据

0
ZH
下载 PDF 全文
引用
微博一下
简介
  • One key factor leading to the great success of the Web is that there are hyperlinks to access web pages and even to specific pieces of “deep” web contents.
  • Other advantages from traditional Web hyperlinks are naturally missing as well
  • After such limitation is realized, the concept of “Deep Link” has been proposed to enable directly opening a specific page/location inside an app from outside of this app by means of a uniform resource identifier (URI) [9].
  • Activities can be regarded as web pages because both of them are basic blocks for apps and websites, respectively, providing user interfaces.
  • The main activity is just like the home page of a website
重点内容
  • One key factor leading to the great success of the Web is that there are hyperlinks to access web pages and even to specific pieces of “deep” web contents
  • In order to reduce the developer efforts of supporting deep links, we propose Aladdin, a novel approach that helps developers automate release of Android app’s deep-link APIs based on
  • Given the benefits of deep links for mobile apps, we present an empirical study to understand the state of practice of deep links in current Android apps
  • We focus on three aspects: (1) the trend of deep links with version evolution of apps; (2) the number of deep links in popular apps; (3) how deep links are realized in current Android apps
  • We have presented an empirical study of deep links on 25,000 Android apps and proposed the Aladdin approach to help developers automatically release deep-link APIs
  • We find that deep links have quite low coverage, e.g., more than 70% and 90% of the apps do not have deep links on app stores Wandoujia and Google Play, respectively
  • The evaluations on 579 apps have demonstrated that the coverage of deep links can be increased by 60% on average while incurring minimal developer efforts
结果
  • The authors find that deep links have quite low coverage, e.g., more than 70% and 90% of the apps do not have deep links on app stores Wandoujia and Google Play, respectively.
  • Among the top 20,000 and 5,000 popular apps on Wandoujia and Google Play, more than 70% and 90% do not have deep links, respectively.
  • Similar to the preceding results, more than 70% and 90% of the apps do not have deep links on Wandoujia and Google Play, respectively.
  • Aladdin can release deep-link APIs for more than 90% of these apps.
  • It is observed that for more than 90% of the apps, all the reached activities are released with deep-link APIs by Aladdin.
  • Such results indicate that more than 70% of the desired fragments can be identified and no more than half of the identified results are redundant
结论
  • As the first effort of deep-link automation up to date, the authors realize that there are some issues worth discussing to improve the real-world applicability of Aladdin. Access to arbitrary locations.
  • The authors are applying Aladdin to more apps to get feedback from app developers for further evaluation
总结
  • Introduction:

    One key factor leading to the great success of the Web is that there are hyperlinks to access web pages and even to specific pieces of “deep” web contents.
  • Other advantages from traditional Web hyperlinks are naturally missing as well
  • After such limitation is realized, the concept of “Deep Link” has been proposed to enable directly opening a specific page/location inside an app from outside of this app by means of a uniform resource identifier (URI) [9].
  • Activities can be regarded as web pages because both of them are basic blocks for apps and websites, respectively, providing user interfaces.
  • The main activity is just like the home page of a website
  • Results:

    The authors find that deep links have quite low coverage, e.g., more than 70% and 90% of the apps do not have deep links on app stores Wandoujia and Google Play, respectively.
  • Among the top 20,000 and 5,000 popular apps on Wandoujia and Google Play, more than 70% and 90% do not have deep links, respectively.
  • Similar to the preceding results, more than 70% and 90% of the apps do not have deep links on Wandoujia and Google Play, respectively.
  • Aladdin can release deep-link APIs for more than 90% of these apps.
  • It is observed that for more than 90% of the apps, all the reached activities are released with deep-link APIs by Aladdin.
  • Such results indicate that more than 70% of the desired fragments can be identified and no more than half of the identified results are redundant
  • Conclusion:

    As the first effort of deep-link automation up to date, the authors realize that there are some issues worth discussing to improve the real-world applicability of Aladdin. Access to arbitrary locations.
  • The authors are applying Aladdin to more apps to get feedback from app developers for further evaluation
表格
  • Table1: Conceptual comparison between Android apps and the Web
  • Table2: LoC changes when adding deep links of open-source apps on GitHub
Download tables as Excel
相关工作
  • In this section, we summarize the related work. • Deep Link. Deep link [9] is an emerging concept for mobile apps. Recently, some major companies, especially search engine ones, have made many efforts on deep links and proposed their criteria for deep links. Google App Indexing [7] allows people to click from listings in Google’s search results into apps on their Android and iOS devices. Bing App Linking [4] associates apps with Bing’s search results on Windows devices. Facebook App Links [6] is an open cross platform solution for deep linking to content in mobile apps. However, these state-of-the-art solutions all require the need-to-bedeep-linked apps to have corresponding webpages, narrowing their application scope. The research community is at the early stage of studying deep links and very few efforts have been proposed. Azim et al [18] designed and implemented uLink, a lightweight approach to generating user-defined deep links. uLink is implemented as an Android library with which developers can refactor their apps. At runtime, uLink captures intents to pages and actions on each page, and then generates a deep link dynamically, just as bookmarking. Compared to uLink, Aladdin releases deep-link APIs that are the underlying support for deep links, and requires zero coding efforts and no obtrusion to apps’ original code. Besides, Aladdin computes the shortest path to each activity in order to open a page more quickly than uLink, as shown in Section 6.3.
基金
  • This work was supported by the National Key Research and Development Program under the grant numbers 2016YFB1000105 and 2017YFB1003000, the National Natural Science Foundation of China under grant numbers 61725201, 61528201, 61529201, and in part by National Science Foundation under grants no
引用论文
  • Android guide. http://developer.android.com/guide/components/index.html.
    Findings
  • App links in Android 6. https://developer.android.com/training/app-links/index.
    Findings
  • Baidu app link. http://applink.baidu.com.
    Findings
  • Bing app linking. https://msdn.microsoft.com/en-us/library/dn614167.
    Findings
  • Deeplinkdispatch. https://github.com/airbnb/DeepLinkDispatch.
    Findings
  • Facebook app links. https://developers.facebook.com/docs/applinks.
    Findings
  • Google app indexing. https://developers.google.com/app-indexing/.
    Findings
  • IFTTT. https://ifttt.com/.
    Findings
  • Mobile deep linking. https://en.wikipedia.org/wiki/Mobile_deep_linking.
    Findings
  • Mobile deep linking. http://mobiledeeplinking.org/.
    Findings
  • Mobile Internet use passes desktop. https://techcrunch.com/2016/11/01/
    Findings
  • Monkey. http://developer.android.com/tools/help/monkey.html.
    Findings
  • MonkeyRunner. http://developer.android.com/tools/help/MonkeyRunner.html.
    Findings
  • Ranorex. http://www.ranorex.com/.
    Findings
  • Robotium. https://github.com/RobotiumTech/robotium.
    Findings
  • Universal links in iOS 9. https://developer.apple.com/library/ios/documentation/
    Findings
  • T. Azim and I. Neamtiu. Targeted and depth-first exploration for systematic testing of Android apps. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2013, pages 641–660, 2013.
    Google ScholarLocate open access versionFindings
  • T. Azim, O. Riva, and S. Nath. uLink: Enabling user-defined deep linking to app content. In Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys 2016, pages 305–318, 2016.
    Google ScholarLocate open access versionFindings
  • P. Barros, R. Just, S. Millstein, P. Vines, W. Dietl, M. dAmorim, and M. D. Ernst. Static analysis of implicit control flow: Resolving Java reflection and Android intents. In Proceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering, ASE 2015, pages 669–679, 2015.
    Google ScholarLocate open access versionFindings
  • O. Bastani, S. Anand, and A. Aiken. Interactively verifying absence of explicit information flows in Android apps. In Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2015, pages 299–315, 2015.
    Google ScholarLocate open access versionFindings
  • R. Bhoraskar, S. Han, J. Jeon, T. Azim, S. Chen, J. Jung, S. Nath, R. Wang, and D. Wetherall. Brahmastra: Driving apps to test the security of third-party components. In Proceedings of the 23rd USENIX Security Symposium, USENIX Security 2014, pages 1021–1036, 2014.
    Google ScholarLocate open access versionFindings
  • N. Boushehrinejadmoradi, V. Ganapathy, S. Nagarakatte, and L. Iftode. Testing cross-platform mobile app development frameworks. In Proceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering, ASE 2015, pages 441–451, 2015.
    Google ScholarLocate open access versionFindings
  • W. Choi, G. Necula, and K. Sen. Guided GUI testing of Android apps with minimal restart and approximate learning. In Proceedings of the 2013 ACM SIGPLAN International Conference on Object Oriented Programming Systems Languages and Applications, OOPSLA 2013, pages 623–640, 2013.
    Google ScholarLocate open access versionFindings
  • S. R. Choudhary, A. Gorla, and A. Orso. Automated test input generation for Android: Are we there yet? In Proceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering, ASE 2015, pages 429–440, 2015.
    Google ScholarLocate open access versionFindings
  • J. Flinn and Z. M. Mao. Can deterministic replay be an enabling tool for mobile computing? In Proceedings of the 12th Workshop on Mobile Computing Systems and Applications, HotMobile 2011, pages 84–89, 2011.
    Google ScholarLocate open access versionFindings
  • L. Gomez, I. Neamtiu, T. Azim, and T. D. Millstein. RERAN: timing- and touchsensitive record and replay for Android. In Proceedings of the 35th International Conference on Software Engineering, ICSE 2013, pages 72–81, 2013.
    Google ScholarLocate open access versionFindings
  • S. Hao, B. Liu, S. Nath, W. G. J. Halfond, and R. Govindan. PUMA: programmable ui-automation for large-scale dynamic analysis of mobile apps. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services, MobiSys 2014, pages 204–217, 2014.
    Google ScholarLocate open access versionFindings
  • C. Hu and I. Neamtiu. A GUI bug finding framework for Android applications. In Proceedings of the 2011 ACM Symposium on Applied Computing, SAC 2011, pages 1490–1491, 2011.
    Google ScholarLocate open access versionFindings
  • Y. Hu, T. Azim, and I. Neamtiu. Versatile yet lightweight record-and-replay for Android. In Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications, OOPSLA 2015, pages 349–366, 2015.
    Google ScholarLocate open access versionFindings
  • W. Lam, Z. Wu, D. Li, W. Wang, H. Zheng, H. Luo, P. Yan, Y. Deng, and T. Xie. Record and replay for Android: are we there yet in industrial cases? In Proceedings of the 11th Joint Meeting on the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017, pages 854–859, 2017.
    Google ScholarLocate open access versionFindings
  • H. Li, X. Lu, X. Liu, T. Xie, K. Bian, F. X. Lin, Q. Mei, and F. Feng. Characterizing smartphone usage patterns from millions of Android users. In Proceedings of the ACM SIGCOMM Conference on Internet Measurement, IMC 2015, pages 459–472, 2015.
    Google ScholarLocate open access versionFindings
  • L. Li, A. Bartel, T. F. Bissyandé, J. Klein, Y. L. Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau, and P. McDaniel. IccTA: Detecting inter-component privacy leaks in Android apps. In Proceedings of the 37th International Conference on Software Engineering, ICSE 2015, pages 280–291, 2015.
    Google ScholarLocate open access versionFindings
  • F. Liu, C. Wang, A. Pico, D. Yao, and G. Wang. Measuring the insecurity of mobile deep links of Android. In Proceedings of the 26th USENIX Security Symposium, USENIX Security 2017, pages 953–969, 2017.
    Google ScholarLocate open access versionFindings
  • X. Lu, X. Liu, H. Li, T. Xie, Q. Mei, G. Huang, and F. Feng. PRADA: Prioritizing Android devices for apps by mining large-scale usage data. In Proceedings of the 38th International Conference on Software Engineering, ICSE 2016, pages 3–13, 2016.
    Google ScholarLocate open access versionFindings
  • Y. Ma, X. Liu, M. Yu, Y. Liu, Q. Mei, and F. Feng. Mash Droid: An approach to mobile-oriented dynamic services discovery and composition by in-app search. In Proceedings of 2015 IEEE International Conference on Web Services, ICWS 2015, pages 725–730, 2015.
    Google ScholarLocate open access versionFindings
  • A. Machiry, R. Tahiliani, and M. Naik. Dynodroid: An input generation system for Android apps. In Proceedings of the 9th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2013, pages 224–234, 2013.
    Google ScholarLocate open access versionFindings
  • D. Octeau, S. Jha, M. Dering, P. McDaniel, A. Bartel, L. Li, J. Klein, and Y. Le Traon. Combining static analysis with probabilistic models to enable market-scale Android inter-component analysis. In Proceedings of the 43rd Annual ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, POPL 2016, pages 469–484, 2016.
    Google ScholarLocate open access versionFindings
  • D. Octeau, D. Luchaup, M. Dering, S. Jha, and P. McDaniel. Composite constant propagation: Application to Android inter-component communication analysis. In Proceedings of the 37th IEEE/ACM International Conference on Software Engineering, ICSE 2015, pages 77–88, 2015.
    Google ScholarLocate open access versionFindings
  • D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. L. Traon. Effective inter-component communication mapping in Android: An essential step towards holistic security analysis. In Proceedings of the 22th USENIX Security Symposium, USENIX Security 2013, pages 543–558, 2013.
    Google ScholarLocate open access versionFindings
  • R. Pandita, X. Xiao, W. Yang, W. Enck, and T. Xie. WHYPER: Towards automating risk assessment of mobile applications. In Proceedings of the 22th USENIX Security Symposium, USENIX Security 2013, pages 527–542, 2013.
    Google ScholarLocate open access versionFindings
  • H. Wang, Z. Liu, Y. Guo, X. Chen, M. Zhang, G. Xu, and J. Hong. An explorative study of the mobile app ecosystem from app developers’ perspective. In Proceedings of the 26th International Conference on World Wide Web, WWW 2017, pages 163–172, 2017.
    Google ScholarLocate open access versionFindings
  • M. Xu, Y. Ma, X. Liu, F. X. Lin, and Y. Liu. AppHolmes: Detecting and characterizing app collusion among third-party Android markets. In Proceedings of the 26th International Conference on World Wide Web, WWW 2017, pages 143–152, 2017.
    Google ScholarLocate open access versionFindings
  • W. Yang, M. R. Prasad, and T. Xie. A grey-box approach for automated GUImodel generation of mobile applications. In Proceedings of the 16th International Conference on Fundamental Approaches to Software Engineering, FASE 2013, pages 250–265, 2013.
    Google ScholarLocate open access versionFindings
  • X. Zeng, D. Li, W. Zheng, F. Xia, Y. Deng, W. Lam, W. Yang, and T. Xie. Automated test input generation for Android: Are we really there yet in an industrial case? In Proceedings of the 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE 2016, pages 987–992, 2016.
    Google ScholarLocate open access versionFindings
  • B. Zhang, E. Hill, and J. Clause. Automatically generating test templates from test names. In Proceedings of the 30th IEEE/ACM International Conference on Automated Software Engineering, ASE 2015, pages 506–511, 2015.
    Google ScholarLocate open access versionFindings
  • H. Zheng, D. Li, B. Liang, X. Zeng, W. Zheng, Y. Deng, W. Lam, W. Yang, and T. Xie. Automated test input generation for Android: Towards getting there in an industrial case. In Proceedings of the 39th International Conference on Software Engineering: Software Engineering in Practice Track, ICSE-SEIP 2017, pages 253–262, 2017.
    Google ScholarLocate open access versionFindings
您的评分 :
0

 

标签
评论