
2nd International Workshop on Software Development Lifecycle for Mobile (DeMobile), November 17, 2014, Hong Kong, China

DeMobile 2014 – Proceedings



Frontmatter

Title Page


Foreword
Mobile application usage and development is experiencing exponential growth. According to Gartner, by 2016 more than 300 billion applications will be downloaded annually. The mobile domain presents new challenges to software engineering. Mobile platforms are rapidly changing, including diverse capabilities such as GPS, sensors, and input modes. Applications must be omni-channel and work on all platforms. Activated on mobile platforms, modern applications must be elastic and scale on demand according to the hardware abilities. Applications often need to support and use third-party services. Therefore, during development, security and authorization processes for the dataflow must be applied. Bring your own device (BYOD) policies bring new security data leak challenges. Developing such applications requires suitable practices and tools, e.g., architecture techniques that relate to the complexity at hand; improved refactoring tools for hybrid applications using dynamic languages and polyglot development and applications; and testing techniques for applications that run on different devices. This workshop aims at establishing a community of researchers and practitioners to share their work and lead further research in mobile software engineering. The workshop has several goals. First, we want to develop relationships to create a vibrant research community in the area of mobile software development. Second, we want to identify the most important research problems for mobile software development.

Session 1
Mon, Nov 17, 09:45 - 10:30, Hall 5

Responsiveness Analysis Tool for Android Application
Thanaporn Ongkosit and Shingo Takada
(Keio University, Japan)
Responsiveness is an important type of quality factor in Android applications because it directly affects user experience. When the user interface thread performs lengthy operations, the user may feel that the application has become sluggish or frozen. This may lead to a negative user experience, poor reviews, and loss in market success. This paper proposes a static responsiveness analysis tool for Android applications to find potentially poor responsiveness defects which are difficult to detect by conventional testing methods as they are sensitive to the user environment. This tool finds responsiveness defects by discovering operations invoked in the user interface thread that may block the execution of other operations. We collect these operations according to the Android developer guidelines and previous related work. The proposed tool successfully found 45 potential responsiveness defects in seven open source Android applications.

Attack Surfaces for Mobile Devices
Mark Sherman
(SEI, USA)
Mobile platforms represent an increasingly valuable target for adversaries. This paper discusses attack surfaces – points of attack – that mobile devices present. Several important mobile device capabilities in communication, computation and sensors enable attack surfaces not usually seen in desktop or server systems. These attack surfaces are not generally considered in recommendations from current secure software development lifecycles. Mitigation of the threats or reduction of the attack surfaces is needed when constructing secure mobile software.

Session 2
Mon, Nov 17, 11:00 - 12:00, Hall 5

Improving Responsiveness in Mobile Apps via Refactoring for Asynchrony (Invited Talk)
Danny Dig
(Oregon State University, USA)
One contemporary development task is refactoring long-running, blocking synchronous code (e.g., accessing the web, database, or file system) into non-blocking asynchronous code. Asynchronous programming is in demand today because responsiveness is especially important on mobile devices. While major programming languages make asynchronous programming possible, they do not make it easy.
In this invited talk we present our growing refactoring toolset that enables Android and Windows Phone developers to retrofit asynchrony. There are several challenges that our toolset addresses: reasoning about a programming model which inverts the flow of control, determining non-interference of asynchronous operations with the main thread of execution, converting from legacy callback-based idioms to the newer style, etc. Our empirical evaluation shows that our toolset is (i) highly applicable, (ii) accurate, (iii) safer than manual refactoring, (iv) it saves development effort, (v) its results have been accepted by the open-source developers, thus it is useful.

Perspectives on Task Ownership in Mobile Operating System Development (Invited Talk)
Subhajit Datta
(Singapore University of Technology and Design, Singapore)
There can be little contention about Stroustrup's epigrammatic remark: our civilization runs on software. However, a caveat is increasingly due: much of the software that runs our civilization runs on mobile devices today. Mobile operating systems have come to play a preeminent role in the ubiquity and utility of such devices. The development ecosystem of Android - one of the most popular mobile operating systems - presents an interesting context for studying whether and how collaboration dynamics in mobile development differ from conventional software development. In this paper, we examine factors that influence task ownership in Android development. Our results can inform project governance decisions at the individual and organizational levels.

Apposcopy: Automated Detection of Android Malware (Invited Talk)
Yu Feng, Isil Dillig, Saswat Anand, and Alex Aiken
(University of Texas at Austin, USA; Stanford University, USA)
We present Apposcopy, a new semantics-based approach for detecting Android malware that steals private information. Apposcopy incorporates (i) a high-level language for specifying malware signatures and (ii) a static analysis for deciding if a given application matches a given signature. We have evaluated Apposcopy on a corpus of real-world Android applications and show that it can effectively pinpoint malicious applications that belong to certain malware families.

Session 3
Mon, Nov 17, 14:50 - 15:30, Hall 5

Energy-Aware Design Patterns for Mobile Application Development (Invited Talk)
Abhijeet Banerjee and Abhik Roychoudhury
(National University of Singapore, Singapore)
Developing energy-efficient applications is crucial for mobile platforms such as smartphones and tablets, since such devices operate on a limited amount of battery power. However, until recently most smartphone applications have been developed in an energy-oblivious fashion. This is increasingly becoming a concern due to the fact that smartphone applications are progressively becoming complex and energy-intensive, whereas battery technology is unable to keep up. Existing studies have proposed a number of testing and refactoring techniques that can be used to increase the energy-efficiency of such applications, after the development has been completed. However, we feel that the maximum level of energy-efficiency can be achieved only if energy-efficient design practices are used in the software development process. In this study, we propose a set of energy-aware design patterns, specifically targeted at smartphone applications. These design patterns can be applied to a huge number of real-life scenarios for energy-efficient information gathering and processing, within the smartphone application. We also present some examples of design patterns for application development for the Android platform.

Automated Detection and Mitigation of Inter-application Security Vulnerabilities in Android (Invited Talk)
Sam Malek, Hamid Bagheri, and Alireza Sadeghi
(George Mason University, USA)
Android is the most popular platform for mobile devices. It facilitates sharing data and services between applications by providing a rich inter-application communication system. While such sharing can be controlled by the Android permission system, enforcing permissions is not sufficient to prevent security violations, since permissions may be mismanaged, intentionally or unintentionally, which can compromise user privacy. In this paper, we provide an overview of a novel approach for compositional analysis of Android inter-application vulnerabilities, entitled COVERT. Our analysis is modular to enable incremental analysis of applications as they are installed on an Android device. It extracts security specifications from application packages, captures them in an analyzable formal specification language, and checks whether it is safe for a combination of applications - holding certain permissions and potentially interacting with each other - to install simultaneously. To our knowledge, our work is the first formally-precise analysis tool for automated compositional analysis of Android applications.
