Blogs (1) >>
ICSE 2019
Sat 25 - Fri 31 May 2019 Montreal, QC, Canada
Wed 29 May 2019 17:00 - 17:20 at Mansfield / Sherbrooke - Mobile Apps Chair(s): Sandeep Kuttal

Many mobile applications (i.e., apps) include UI widgets to use or collect users’ sensitive data. Thus, to identify suspicious sensitive data usage such as UI-permission mismatch, it is crucial to understand the intentions of UI widgets. However, many UI widgets leverage icons of specific shapes (object icons) and icons embedded with text (text icons) to express their intentions, posing challenges for existing detection techniques that analyze only textual data to identify sensitive UI widgets. In this work, we propose a novel app analysis framework, ICONINTENT, that synergistically combines program analysis and icon classification to identify sensitive UI widgets in Android apps. ICONINTENT automatically associates UI widgets and icons via static analysis on app’s UI layout files and code, and then adapts computer vision techniques to classify the associated icons into eight categories of sensitive data. Our evaluations of ICONINTENT on 150 apps from Google Play show that ICONINTENT can detect 248 sensitive UI widgets in 97 apps, achieving a precision of 82.4%. When combined with SUPOR, the state-of-the-art sensitive UI widget identification technique based on text analysis, SUPOR +ICONINTENT can detect 487 sensitive UI widgets (101.2% improvement over SUPOR only), and reduces suspicious permissions to be inspected by 50.7% (129.4% improvement over SUPOR only).

Wed 29 May
Times are displayed in time zone: Eastern Time (US & Canada) change

16:00 - 16:20
Large-scale Empirical Study on Industrial Fake AppsSEIPIndustry Program
Software Engineering in Practice
Chongbin TangEast China Normal University, Sen ChenNanyang Technological University, Singapore, Lingling FanNanyang Technological University, Singapore, Lihua Xu, Yang LiuNanyang Technological University, Singapore, Zhushou TangPwnzen Infotech Inc., Liang DouEast China Normal University
16:20 - 16:40
Practical Android Test Recording with Espresso Test RecorderSEIPIndustry Program
Software Engineering in Practice
Stas NegaraGoogle, Naeem EsfahaniGoogle LLC, USA, Raymond BuseGoogle
16:40 - 17:00
Mimic: UI Compatibility Testing System for Android AppsTechnical Track
Technical Track
Taeyeon KiSamsung Research America, Chang Min ParkUniversity at Buffalo, The State University of New York, Karthik DantuUniversity at Buffalo, The State University of New York, Steve KoUniversity at Buffalo, The State University of New York, Lukasz ZiarekSUNY Buffalo, USA
17:00 - 17:20
IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android AppsTechnical Track
Technical Track
Xusheng XiaoCase Western Reserve University, Xiaoyin WangUniversity of Texas at San Antonio, USA, Zhihao CaoCase Western Reserve University, Hanlin WangCase Western Reserve University, Peng GaoPrinceton University
17:20 - 17:30
Studying Bad Updates of Top Free-to-Download Apps in the Google Play StoreIndustry ProgramJournal-First
Journal-First Papers
Safwat HassanQueens University, Kingston, Canada, Cor-Paul BezemerUniversity of Alberta, Canada, Ahmed E. HassanQueen's University
17:30 - 17:40
Navigation-aware and Personalized Prefetching of Network Requests in Android AppsIndustry ProgramNIER
New Ideas and Emerging Results
Ivano MalavoltaVrije Universiteit Amsterdam, Francesco NoceraPolytechnic University of Bari, Patricia LagoVrije Universiteit Amsterdam, Marina MongielloPolytechnic University of Bari, Italy
Pre-print Media Attached
17:40 - 18:00
Discussion Period