3rd International Workshop on Mobile Development Lifecycle (MobileDeLi 2015), October 26, 2015, Pittsburgh, PA, USA

MobileDeLi 2015 – Proceedings

Foreword
Welcome to the proceedings for the Mobile Development Lifecycle 2015 (MobileDeLi 2015) workshop, which was co-located with SPLASH 2015. This third international MobileDeLi workshop took place in Pittsburgh, Pennsylvania (USA) on October 26, 2015. The main focus of the MobileDeLi workshop is on research intended to improve software engineering for mobile devices, over the entire software development lifecycle.

Mobile Device Security
Robert C. Seacord
(NCC Group, USA)
This paper provides an overview of the mobile device security ecosystem and identifies the top security challenges.

A Lightweight JavaScript Engine for Mobile Devices
Ryan H. Choi and Youngil Choi
(Samsung Electronics, South Korea)
We present Typed JS, a subset of JavaScript that supports AOT compilation by utilizing type-decorated syntax. Typed JS is designed for mobile devices, with the goals of a smaller memory footprint and high performance, which are accomplished through static types and an AOT-compilable architecture. Experiments show that Typed JS requires significantly less memory while performing better than industry-leading JavaScript engines on a mobile platform.

An Energy-Saving Framework for Mobile Devices Based on Crowdsourcing Intelligences
Guangtai Liang and Shaochun Li
(IBM Research, China)
Rich mobile apps make mobile devices increasingly pervasive in our daily life. However, the energy consumption of mobile devices causes a lot of user frustration. To guarantee a good experience for mobile users, we propose an energy-saving framework for mobile devices, which uses a set of coarse-grained and general-purpose energy-waste heuristics as a starting point and then takes advantage of crowdsourcing intelligence to refine energy-waste related knowledge to help detect/resolve energy waste in mobile devices. In return, summarized energy-waste related knowledge can be presented to the developers of related mobile apps and guide them to identify/fix related energy bugs. Through initial evaluations, we demonstrate that the proposed framework is able to extend the lifetime of a mobile device with one full charge to a large degree (e.g., 30%-70%).

Improving the Android Development Lifecycle with the VALERA Record-and-Replay Approach
Yongjian Hu, Tanzirul Azim, and Iulian Neamtiu
(University of California at Riverside, USA)
As smartphones become more and more popular, developers are switching their focus from traditional desktop programs to mobile apps. Recording and replaying the execution of mobile apps is useful in development tasks, from reproducing bugs to profiling and testing. However, achieving effective record-and-replay on mobile devices is a balancing act between accuracy and overhead. Prior record-and-replay approaches have focused on replaying low-level instructions, which imposes significant overhead. We propose a novel, stream-oriented record-and-replay approach which achieves high accuracy and low overhead by aiming at a sweet spot: recording and replaying sensor and network input, event schedules, and inter-app communication via intents. To demonstrate the versatility of our approach, we have constructed a tool named VALERA that supports record-and-replay on the Android platform. Through an evaluation on 50 popular Android apps, we show that: VALERA's replay fidelity far exceeds current record-and-replay approaches for Android; VALERA's low overhead allows it to replay high-throughput, timing-sensitive apps; and, with the ability to deterministically replay event schedules, VALERA can help to reproduce and verify event-driven races.

Challenges in Transition from Web to App
Ranjan Kumar, Ashwin Nivangune, and Padmaja Joshi
(C-DAC Mumbai, India)
Ease of availability and handy nature of mobile devices have made accessing services through mobile apps more popular than that of web applications. The inclination of service providers also is towards using mobile apps instead of traditional web applications. This transition may not be smooth though and may face challenges. This paper lists the key differences between web & mobile apps and challenges in the transition from the web to mobile apps. We discuss/elaborate solutions to these challenges using app indexing, faster incremental downloading strategies and improved updating approaches.

Mobile Devices as Interfaces for Steering Cloud-Based High-Performance Computations
Young-Woo Kwon and Eli Tilevich
(Utah State University, USA; Virginia Tech, USA)
As mobile devices have been steadily overtaking the personal computer as a primary computing platform, mobile applications deliver increasingly complex functionality. Furthermore, for next generation mobile applications to be proactive in their functionality, they need to be able to collect and process massive amounts of context-sensitive information on the fly. Leveraging high-end computing resources offers a promising avenue to address these emerging computational needs of mobile computing, both improving performance and saving battery power. These computational resources can now be conveniently accessed via standardized cloud-based interfaces. However, several research challenges must be addressed to be able to seamlessly use mobile devices as convenient interfaces for steering cloud-based high-performance computations. This position paper presents our view of the research agenda that must be followed to achieve these objectives as well as reports on our initial efforts in this endeavor.

An Evaluation Framework for Selection of Mobile App Development Platform
Arvind Hudli, Shrinidhi Hudli, and Raghu Hudli
(MSRIT, India; University of California at Los Angeles, USA; ObjectOrb Technologies, India)
Mobile app development is on a tremendous growth path. Almost every web application now has or needs a corresponding mobile app. There are many app development platforms available today. AppArchitect, EachScape, Form.com, iBuildApp, OutSystems, PhoneGap, RhoMobile, and SenchaTouch are a few of dozens of platforms. The app developer faces the daunting task of picking the right platform. While many are based on HTML5 and JavaScript, there are significant differences between them. The differences affect many aspects of the app in terms of the architecture, ability to access native resources, native look and feel, and others. In this paper, we propose a multi-perspective evaluation framework for such platforms. We consider factors that impact mobile apps during all stages of the app life-cycle. We apply this framework to evaluate some popular platforms.

Assessing the Benefits of Computational Offloading in Mobile-Cloud Applications
Tahmid Nabi, Pranjal Mittal, Pooria Azimi, Danny Dig, and Eli Tilevich
(Oregon State University, USA; Virginia Tech, USA)
This paper presents the results of a formative study conducted to determine the effects of computation offloading in mobile applications by comparing “application performance” (chiefly energy consumption and response time). The study examined two general execution scenarios: (1) computation is performed locally on a mobile device, and (2) when it is offloaded entirely to the cloud. The study also carefully considered the underlying network characteristics as an important factor affecting the performance. More specifically, we refactored two mobile applications to offload their computationally intensive functionality to execute in the cloud. We then profiled these applications under different network conditions, and carefully measured “application performance” in each case. The results were not as conclusive as we had expected. On fast networks, offloading is almost always beneficial. However, on slower networks, the offloading cost-benefit analysis is not as clear cut. The characteristics of the data transferred between the mobile device and the cloud may be a deciding factor in determining whether offloading a computation would improve performance.

Implementing Real-Time Collaboration in TouchDevelop using AST Merges
Jonathan Protzenko, Sebastian Burckhardt, Michał Moskal, and Jedidiah McClurg
(Microsoft Research, USA; University of Colorado at Boulder, USA)
Collaborating on a piece of code is notoriously difficult when the number of people involved goes above 1. In particular, every computer programmer dreads the "merge conflict", a brutal, unforgiving experience, where they must reconcile their changes with someone else's. If offline collaboration is already so painful, real-time collaboration seems even less of an option. It turns out, though, that by reasoning on changes at the level of the program AST, rather than the program text, we can devise a new conflict-free merge algorithm. The algorithm is particularly well-suited to real-time collaboration: we implemented it in the TouchDevelop web programming environment and dub the algorithm diffTree.

Enforcing Fine-Grained Security and Privacy Policies in an Ecosystem within an Ecosystem
Waqar Ahmad, Joshua Sunshine, Christian Kaestner, and Adam Wynne
(Carnegie Mellon University, USA; Bosch Research and Technology Center, USA)
Smart home automation and IoT promise to bring many advantages but they also expose their users to certain security and privacy vulnerabilities. For example, leaking the information about the absence of a person from home or the medicine somebody is taking may have serious security and privacy consequences for home users and potential legal implications for providers of home automation and IoT platforms. We envision that a new ecosystem within an existing smartphone ecosystem will be a suitable platform for distribution of apps for smart home and IoT devices. Android is increasingly becoming a popular platform for smart home and IoT devices and applications. Built-in security mechanisms in ecosystems such as Android have limitations that can be exploited by malicious apps to leak users' sensitive data to unintended recipients. For instance, Android enforces that an app requires the Internet permission in order to access a web server but it does not control which servers the app talks to or what data it shares with other apps. Therefore, sub-ecosystems that enforce additional fine-grained custom policies on top of existing policies of the smartphone ecosystems are necessary for smart home or IoT platforms. To this end, we have built a tool that enforces additional policies on inter-app interactions and permissions of Android apps. We have done preliminary testing of our tool on three proprietary apps developed by a future provider of a home automation platform. Our initial evaluation demonstrates that it is possible to develop mechanisms that allow definition and enforcement of custom security policies appropriate for ecosystems such as smart home automation and IoT.

Automatic Detection, Correction, and Visualization of Security Vulnerabilities in Mobile Apps
Marco Pistoia, Omer Tripp, Pietro Ferrara, and Paolina Centonze
(IBM Research, USA; Iona College, USA)
Mobile devices have revolutionized many aspects of our lives. We use them as portable computers and, often without realizing it, we run various types of security-sensitive programs on them, such as personal and enterprise email and instant-messaging applications, as well as social, banking, insurance and retail programs. These applications access and transmit over the network numerous pieces of private information. Guaranteeing that such information is not exposed to unauthorized observers is very challenging given the level of complexity that these applications have reached. Furthermore, using program-analysis tools with out-of-the-box configurations in order to detect confidentiality violations may not yield the desired results because only a few pieces of private data, such as the device's ID and geographical location, are obtained from standard sources. The majority of confidentiality sources (such as credit-card and bank-account numbers) are application-specific and require careful configuration.
This paper presents Astraea, a privacy-enforcement system for Android and iOS that dynamically detects and repairs leakage of private data originating from standard as well as application-specific sources. Astraea features several novel contributions: (i) it allows for visually configuring, directly atop the application's User Interface (UI), the fields that constitute custom sources of private data; (ii) it relies on application-level instrumentation, without interfering with the underlying operating system; (iii) it performs an enhanced form of value-similarity analysis to detect and repair data leakage even when sensitive data has been encoded or hashed, and (iv) it displays the results of the privacy analysis on top of a visual representation of the application's UI.

Automatic Code Generation for Cross-Platform, Multi-device Mobile Apps: Some Reflections from an Industrial Experience
Eric Umuhoza, Hamza Ed-douibi, Marco Brambilla, Jordi Cabot, and Aldo Bongio
(Politecnico di Milano, Italy; AtlanMod, France; ICREA, Spain; Open University of Catalonia, Spain; WebRatio, Italy)
With the continuously increasing adoption of mobile devices, software development companies have new business opportunities through direct sales in app stores and delivery of business to employee (B2E) and business to business (B2B) solutions. However, cross-platform and multi-device development is a barrier for today's IT solution providers, especially small and medium enterprises (SMEs), due to the high cost and technical complexity of targeting development to a wide spectrum of devices, which differ in format, interaction paradigm, and software architecture. So far, several authors have proposed the application of model driven approaches to mobile apps development following a variety of strategies. In this paper we present the results of a research study conducted to find the best strategy for WebRatio, a software development company, interested in producing a MDD tool for designing and developing mobile apps to enter the mobile apps market. We report on a comparative study conducted to identify the best trade-offs between various automatic code generation approaches.

An Interactive Approach to Mobile App Verification
Osbert Bastani, Saswat Anand, and Alex Aiken
(Stanford University, USA)
Static explicit information flow analysis can help human auditors find malware. We propose a process for eliminating false positive flows due to imprecision in the reachability analysis: the developer provides test cases, and only tested code is analyzed. Then, the app is instrumented so that executing untested code terminates the app. We use abductive inference to minimize the instrumentation, and interact with the developer to ensure that only unreachable code is instrumented. Our verification process successfully discharges 11 out of the 12 false positives in a corpus of 77 Android apps.

Program Analysis for Mobile: How and Why to Run WALA on Your Phone
Julian Dolby
(IBM Research, USA)
As mobile devices become ubiquitous, security of such devices has become a serious concern. Attacks on the devices themselves are a danger, as is theft of data they contain. Static analysis of the devices' software is one approach to verifying the absence of security, and several tools have been created to analyze apps for potential attacks and vulnerabilities. Many tools focus on single apps, but there are starting to be tools that look for possible vulnerabilities or attacks due to multiple apps on a single device that can communicate. Such analysis depends on having access to the relevant apps, and hence has been proposed to be performed on app stores. One challenge in the Android environment is that apps are often installed from multiple sources, such as development builds of apps installed from developer sites, e.g. Mozilla Aurora pre-released of Firefox. Ultimately, sometimes the device itself is the only place with the full set of apps used on that device.
This suggests that running analysis on the device itself is attractive, at least in terms of having all the relevant code. Furthermore, app communication can be configured on the device itself, raising the possibility of analyzing communication risk when it is configured. However, this approach has a variety of challenges: 1) Analysis tools are not typically mobile apps themselves, yet they somehow need to be built for and deployed on mobile devices. 2) Analysis tools are often resource intensive, and mobile devices need the resources to perform analysis. 3) Analysis can also be a major drain on battery life, so care must be taken not to heedlessly drain power. We describe our preliminary work toward running program analysis on mobile devices, focusing on running the WALA framework on Android devices. We describe how WALA can be built and deployed for Android; since WALA is Java code, it is actually straightforward to do this, both using Eclipse and Maven-based command-line tools. We also provide some evidence that performance is reasonable.

Gaps and Future Directions in Mobile Security Research
Violetta Vylegzhanina, Douglas C. Schmidt, and Jules White
(Vanderbilt University, USA)
The ease with which security flaws in today’s mobile devices can be exploited underscores the need for mobile security research. The advent of the Internet of Things (IoT) increases the need for robust security mechanisms that can withstand a range of attacks. This paper analyzes the current state of the mobile security research related to supporting the IoT. We survey existing approaches and identify gaps that motivate future research.

Mobile Security: Challenges, Tools, and Techniques (Panel)
Aharon Abadi, Lori Flynn, and Jeff Gray
(IBM Research, Israel; CERT, USA; University of Alabama, USA)
During the MobileDeli’15 workshop held at the SPLASH’15 conference we facilitated a panel, comprised of four distinguished, senior participants from industry. They started by presenting their position with respect to a set of predefined questions, and then we opened the floor to questions from the audience.

Mobile Computing to Support Sustainability
Aharon Abadi, Lori Flynn, Jeff Gray, and Aaron Gordon
(IBM Research, Israel; CERT, USA; University of Alabama, USA; Metropolitan State University, USA)
This report documents the Mobile Sustainability activity that was facilitated at the end of the Workshop on Mobile Development Lifecycle (MobileDeLi), in conjunction with SPLASH 2015. The workshop attendees were presented with several discussion questions and were charged with the task of listing the challenges in Mobile Sustainability. Participants were asked to outline a research agenda that could address the core challenges.
