these-android-re/thesis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions
thesis/3_rasta/9_conclusion.typ
Jean-Marie 'Histausse' Mineau 4e38131df5
All checks were successful
/ test_checkout (push) Successful in 1m58s
Details
typos in ch 3
2025-09-29 16:36:54 +02:00

34 lines
2.3 KiB
Typst
Raw Blame History

#import "@local/template-thesis-matisse:0.0.1": etal
#import "../lib.typ": todo, jfl-note
#import "../lib.typ": pb1, pb1-text, APKs, SDK, highlight-block
#import "X_var.typ": *
== Conclusion <sec:rasta-conclusion>
Since the release of Android, many tools have been published in order to analyse Android applications.
In @sec:bg, we went through contributions that benchmark and compare some of those tools.
Those contributions suggested that analysing real-world applications might be more challenging than expected.
This led us to question the reusability of those tools (#pb1).
This chapter has assessed the suggested results of the literature~@luoTaintBenchAutomaticRealworld2022 @pauckAndroidTaintAnalysis2018 @reaves_droid_2016 about the reliability of static analysis tools for Android applications.
With a dataset of #NBTOTALSTRING applications, we established that #resultunusable of #nbtoolsselectedvariations tools are not reusable.
2 of those were due to the fact that we did not manage to use the tools, even with the help of the author.
We consider the 10 other tools to be unusable due to the fact that they fail to finish their analysis more than 50% of the time..
In total, the analysis success rate of the tools that we could run for the entire dataset is #resultratio.
The characteristics that have the most influence on the success rate are the bytecode size and the min #SDK version.
Finally, we showed that malware #APKs generate fewer fatal errors than goodware when analysed.
Following Reaves #etal recommendations~@reaves_droid_2016, we publish the Docker and Singularity images we built to run our experiments alongside the Docker files.
This will allow the research community to use the tools directly without the build and installation penalty.
#v(2em)
#align(center, highlight-block(inset: 15pt, width: 75%, breakable: false, block(align(left)[
#pb1: #pb1-text
#v(0.75em)
More than half the tools we selected were not usable.
In some cases, it was due to our inability to set up the tool correctly.
Mostly, it was due to the high failure rate when analysing real-world applications.
Results show that large applications cause more crashes, as do applications with a higher min #SDK target.
Goodware also appear to generate more analysis failures than malware.
])))
Reference in a new issue View git blame Copy permalink