Automated coverage monitoring of mobile applications

摘要

Embedded devices, such as smart phones, can execute an application for performing a set of discrete tasks. To evaluate applications for security vulnerabilities, a coverage monitoring system generates a directed graph of the application running on the embedded device. The directed graph is generated by logging gestures submitted by a user of the application and logging one or more actions taken by the application in response to the gesture. The gesture can include a click, a text input, or a more complex gesture. In response to the gesture, the application can change a current view, or screen, or can transition to a different view. The coverage monitoring system logs the gestures and logs a screenshot or other data about the response of the application. The logged data is used to generate the directed graph which can be accessed by application analysts and analyzed for security vulnerabilities.

主权项

1. A data processing system comprising:
one or more processors; one or more non-transitory computer-readable media storing instructions stored which, when executed, cause the one or more processors to perform: establishing a monitoring connection to an embedded device over a network and causing the embedded device to concurrently execute a gesture recognizer and an executable application having a plurality of views; using the gesture recognizer executed by the embedded device, detecting a first gesture in a first view of the plurality of views that has been received via a touchscreen interface of the embedded device; using the embedded device, creating and storing a log record that identifies the first gesture in the first view and a first action that was performed by the application in response to the first gesture; using the embedded device, determining that the first action caused the application to provide a second view of the plurality of views; using the embedded device, creating and storing a second log record that identifies the second view of the plurality of views; using the gesture recognizer executed by the embedded device, detecting a second gesture in the second view of the plurality of views that was received via the touchscreen interface of the embedded device; using the embedded device, logging the second gesture in the second view and a second action performed by the application in response to the second gesture; using the embedded device, generating a directed graph representing an execution flow of the application, wherein the directed graph comprises: nodes representing the first view, the first gesture, the second view, and the second gesture; and edges representing that the first gesture in the first view causes the application to transition from the first view to the second view.