these-android-re/thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

implem
All checks were successful
/ test_checkout (push) Successful in 1m44s
Details

Browse source
This commit is contained in:
Jean-Marie Mineau 2025-10-01 18:02:35 +02:00
parent 4b0855b80e
commit f5fee56cab
Signed by: histausse
GPG key ID: B66AEEDA9B645AD2
3 changed files with 31 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
5_theseus/5_results.typ
View file

@ -7,8 +7,6 @@
== Results <sec:th-res>
#todo[better section name for @sec:th-res]
To study the impact of our transformation on analysis tools, we reused applications from the dataset we sampled in @sec:rasta/*-dataset*/.
Because we are running the application on a recent version of Android (#SDK 34), we only took the most recent applications: the one collected in 2023.
This represents #num(5000) applications over the #NBTOTALSTRING total of the initial dataset.
@ -35,12 +33,15 @@ In some cases, the application was just broken -- for instance, an application w
In other cases, Frida is to blame: we found some cases where calling a method from Frida can confuse the #ART.
`protected` methods cannot be called from a class other than the one that defined the method or one of its children.
The issue is that Frida might be considered by the #ART as another class, leading to the #ART aborting the application.
#todo[jfl was suppose to test a few other app #emoji.eyes]
@tab:th-dyn-visited shows the number of applications that we analysed, if we managed to start at least one activity and if we intercepted code loading or reflection.
It also shows the average number of activities visited (when at least one activity was started).
This average is slightly higher than 1, which seems reasonable: a lot of applications do not need more than one activity, but some do, and we did manage to explore at least some of those additional activities.
As shown in the table, even if the application fails to start an activity, sometimes it will still load external code or use reflection.
We later tested the applications on a real phone (model Nothing (2a), Android 15), without Frida but still using GroddRunner.
This time, we managed to visit at least one activity for #num(2130) applications, 3 times more than in our actual experiment.
This shows that our setup is indeed breaking applications, but also that there is still another issue we did not find: more than half of the tested applications did not display any activities at all.
#figure({
let nb_col = 7
table(