MiniMon: Minimizing Android applications with intelligent monitoring-based debloating

Author

Jiakun LIU, Singapore Management UniversityFollow
Zicheng ZHANG, Singapore Management UniversityFollow
Xing HU
Thung Ferdian, Singapore Management UniversityFollow
Shahar MAOZ
Debin GAO, Singapore Management UniversityFollow
Eran TOCH
Zhipeng ZHAO, Singapore Management UniversityFollow
David LO, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

4-2024

Abstract

The size of Android applications is getting larger to fulfill the requirements of various users. However, not all the features of the applications are needed and desired by a specific user. The unnecessary and non-desired features can increase the attack surface and consume system resources such as storage and memory. To address this issue, we propose a framework, MiniMon, to debloat unnecessary features from an Android app based on the logs of specific users' interactions with the app.However, rarely used features may not be recorded during the data collection, and users' preferences may change slightly over time. To address these challenges, we embed several solutions in our framework that can uncover user-desired features by learning and generalizing from the logs of how users interact with an application. MiniMon first collects the application methods that are executed when users interact with it. Then, given the collected executed methods and the call graph of the application, MiniMon applies 10 techniques to generalize from logs. These include three program analysis-based techniques, two graph clustering-based techniques, and five graph embedding-based techniques to identify the additional methods in an app that are similar to the logged executed methods. Finally, MiniMon generates a debloated application by removing methods that are not similar to the executed methods. To evaluate the performance of variants of MiniMon that use different generalization techniques, we create a benchmark for a controlled experiment. The results show that the graph embedding-based generalization technique that considers the information of all nodes in the call graph is the best, and can correctly uncover 75.5% of the unobserved but desired behaviors and still debloat more than half of the app. We also conducted a user study that uncovers that the use of the intelligent (generalization) method of MiniMon boosts the overall user satisfaction rate by 37.6%.

Keywords

Android, Software Debloating, Log Analysis

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Lisbon, Portugal, April 14-20

First Page

1

Last Page

13

ISBN

9798400702174

Identifier

10.1145/3597503.3639113

Publisher

ACM

City or Country

New York

Citation

LIU, Jiakun; ZHANG, Zicheng; HU, Xing; Ferdian, Thung; MAOZ, Shahar; GAO, Debin; TOCH, Eran; ZHAO, Zhipeng; and David LO. MiniMon: Minimizing Android applications with intelligent monitoring-based debloating. (2024). ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Lisbon, Portugal, April 14-20. 1-13.
Available at: https://ink.library.smu.edu.sg/sis_research/9233

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3597503.3639113