TY - GEN
T1 - Property-Based Testing for Validating User Privacy-Related Functionalities in Social Media Apps
AU - Sun, Jingling
AU - Su, Ting
AU - Sun, Jun
AU - Li, Jianwen
AU - Wang, Mengfei
AU - Pu, Geguang
N1 - Publisher Copyright:
© 2024 Copyright held by the owner/author(s). Publication rights licensed to ACM.
PY - 2024/7/10
Y1 - 2024/7/10
N2 - Social media apps implement many user privacy-related functionalities. For example, TikTok allows users to upload videos that record their daily activities and specify which users can view these videos. Ensuring the correctness of these functionalities is thus crucial. Otherwise, it may threaten the users’ privacy or disrupt user experience. Due to the lack of appropriate automated testing techniques, manual testing remains the primary practice for validating these functionalities, which is cumbersome, error-prone, and inadequate. To this end, we adapt property-based testing to validate such functionalities against the properties described by the given privacy specifications. Our key idea is that privacy specifications can be transformed into the Büchi automata, which can (1) determine whether the app has reached unexpected states, and (2) guide the testing process. To support the application of our approach, we implemented an automated GUI testing tool, PDTDroid, which can detect the app behaviors that are inconsistent with the privacy specifications. Our evaluation on TikTok, involving 125 real privacy specifications, shows that PDTDroid can efficiently validate privacy-related functionality and reduce manual effort by an average of 95.2% before each app release. Our further experiments on six popular social media apps show the generability and applicability of PDTDroid. PDTDroid has found 22 previously unknown inconsistencies issues in these extensively tested apps (including four user privacy leakage bugs, nine user privacy-related functional bugs, and nine specification issues).
AB - Social media apps implement many user privacy-related functionalities. For example, TikTok allows users to upload videos that record their daily activities and specify which users can view these videos. Ensuring the correctness of these functionalities is thus crucial. Otherwise, it may threaten the users’ privacy or disrupt user experience. Due to the lack of appropriate automated testing techniques, manual testing remains the primary practice for validating these functionalities, which is cumbersome, error-prone, and inadequate. To this end, we adapt property-based testing to validate such functionalities against the properties described by the given privacy specifications. Our key idea is that privacy specifications can be transformed into the Büchi automata, which can (1) determine whether the app has reached unexpected states, and (2) guide the testing process. To support the application of our approach, we implemented an automated GUI testing tool, PDTDroid, which can detect the app behaviors that are inconsistent with the privacy specifications. Our evaluation on TikTok, involving 125 real privacy specifications, shows that PDTDroid can efficiently validate privacy-related functionality and reduce manual effort by an average of 95.2% before each app release. Our further experiments on six popular social media apps show the generability and applicability of PDTDroid. PDTDroid has found 22 previously unknown inconsistencies issues in these extensively tested apps (including four user privacy leakage bugs, nine user privacy-related functional bugs, and nine specification issues).
KW - Android app testing
KW - Non-crashing bugs
KW - Property-based testing
UR - https://www.scopus.com/pages/publications/85199048287
U2 - 10.1145/3663529.3663863
DO - 10.1145/3663529.3663863
M3 - 会议稿件
AN - SCOPUS:85199048287
T3 - FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering
SP - 440
EP - 451
BT - FSE Companion - Companion Proceedings of the 32nd ACM International Conference on the Foundations of Software Engineering
A2 - d�Amorim, Marcelo
PB - Association for Computing Machinery, Inc
T2 - 32nd ACM International Conference on the Foundations of Software Engineering, FSE Companion
Y2 - 15 July 2024 through 19 July 2024
ER -