On mobile operating systems, apps may access resources that are not be needed for their primary functionality. Which are the resources an app actually needs for its core functionality? And what happens if we deny access to other resources? Using a test generator for user interaction, we systematically explore app behavior under varied resource constraints and determine the impact of access restrictions, yielding a minimal set of required privileges for each app and functionality. In our proof of concept on Android apps, our TIARA prototype could block up to 69% of resource accesses while retaining all previously explored functionality.
International Conference on Software Testing Verification and Validation (ICST)
2019-04-27
2024-11-21