these-ammii/thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

rasta

Browse source
This commit is contained in:
Jean-Marie Mineau 2025-08-17 00:10:58 +02:00
parent fe6dbb1d22
commit e794c037e8
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
10 changed files with 377 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

33
3_rasta/9_conclusion.typ Normal file
View file

@ -0,0 +1,33 @@
#import "@local/template-thesis-matisse:0.0.1": etal
#import "../lib.typ": todo, jfl-note, pb1, APKs, SDK, highlight-block
#import "X_var.typ": *
== Conclusion <sec:rasta-conclusion>
Since the release of Android, many tools have been published in order to analyse Android application.
In @sec:bg, we went through contributions benchmarking and comparing some of those tools.
Those contributions suggested that analysing real-world applications might be more of a challenged than expected.
This led us to question the reusability of those tools (#pb1).
This chapter has assessed the suggested results of the literature~@luoTaintBenchAutomaticRealworld2022 @pauckAndroidTaintAnalysis2018 @reaves_droid_2016 about the reliability of static analysis tools for Android applications.
With a dataset of #NBTOTALSTRING applications we established that #resultunusable of #nbtoolsselectedvariations tools are not reusable.
2 of those where due to the fact that whe did not managed to use the tools, even with the help of the author.
We consider the 10 other tools the be unusable due to the fact that they fail to finish their analysis more than 50% of the time..
In total, the analysis success rate of the tools that we could run for the entire dataset is #resultratio.
The characteristics that have the most influence on the success rate is the bytecode size and min #SDK version.
Finally, we showed that malware #APKs generate less fatal errors than goodware when analysed.
Following Reaves #etal recommendations~@reaves_droid_2016, we publish the Docker and Singularity images we built to run our experiments alongside the Docker files.
This will allow the research community to use directly the tools without the build and installation penalty.
#v(1.5em)
#align(center, highlight-block(inset: 15pt, width: 75%, breakable: false, block(align(left)[
#pb1: _To what extent are previously published Android analysis tools still usable today, and what factors impact their reusability?_
#v(0.75em)
More than half the tools we selected were not usable.
In some cases, it was due to our inability to setup the tool correctly.
Mostly, it was due to the high failure rate when analysing real-world applications.
Results show that large applications cause more crashes, as does applications with higher min #SDK target.
Goodware also appear to generate more analysis failure than malware.
])))