Towards Automated Testing of WebViews in Android Applications

The Hong Kong University of Science and Technology
Department of Computer Science and Engineering


PhD Thesis Defence


Title: "Towards Automated Testing of WebViews in Android Applications"

By

Mr. Jiajun HU


Abstract:

WebView is a graphical user interface (GUI) widget that helps integrate web
applications into the native context of Android apps. It provides powerful
mechanisms to support bi-directional interactions between the native-end (Java)
and the web-end (JavaScript) of an Android app. WebViews are widely adopted in
real-world Android apps. Various studies have demonstrated that 83%-90% of the
most-popular apps in the Google Play Store use WebViews in some fashion. Modern
app-in-app ecosystems (e.g., WeChat Mini-Programs) are also built on top of
WebViews.

Despite its popularity among developers, WebView-induced bugs (wBugs for short)
are common in Android apps due to WebView's complicated cross-language
interaction mechanisms. However, little is known about the characteristics of
these WebView-induced bugs. To bridge the gap, we conduct an empirical study on
124 wBugs collected from 51 popular open-source Android apps. Our study
characterizes wBugs from a wide range of perspectives, including their root
causes, consequences, and manifestation. We conclude interesting observations
that can be leveraged for detecting and diagnosing wBugs. Base on our empirical
findings, we further propose an automated test generation technique, wDroid,
that is equipped with effective oracles to expose wBugs in Android apps. An
evaluation on 146 open-source Android apps demonstrated its effectiveness in
detecting previously-unknown wBugs that are of the developers' concern.

Although wDroid can effectively manifest wBugs, its test inputs generation
procedure is based on a stress-testing tool Monkey, which generates a random
sequence of user events (e.g., clicks, touches, or gestures) to exercise an app
under test. Such random test inputs generation approach is not effective in
exploring diverse WebView behaviors in an app. In our second work, we study the
problem of test inputs generation for WebViews in Android apps. Effective test
inputs generation for WebViews requires identifying essential program
properties to be covered by the generated tests. The coverage of these
properties provides an effective measure of test adequacy for the WebView
behaviors. Properties adopted by existing test generation techniques (e.g.,
program statements/branches) are not suitable for testing WebViews since none
of them are specifically designed to model WebView behaviors. In this work, we
propose WebView-specific properties to formally characterize WebView behaviors
in an Android app. We also devise a cross-language dynamic analysis method to
identify these properties. We further develop wTest+, a fully-automated
WebView-oriented test inputs generation technique that combines static and
dynamic analysis. wTest+ relies on a statically-built GUI component transition
graph, in which GUI components that are helpful to reach WebViews are
highlighted, as well as the coverage of WebView-specific properties to guide
test inputs generation, in order to reach WebViews and exercise diverse WebView
behaviors. We apply wTest+ to test 38 real-world open-source Android apps. The
results show that wTest+ outperforms eight baseline methods in terms of the
coverage of WebView-specific properties and the number of detected wBugs.


Date:                   Wednesday, 10 January 2024

Time:                   9:30am - 11:30am

Venue:                  Room 3494
                        Lifts 25/26

Chairman:               Prof. Jun ZHANG (ECE)

Committee Members:      Prof. Shing Chi CHEUNG (Supervisor)
                        Prof. Lionel PARREAUX
                        Prof. Raymond WONG
                        Prof. Rong TANG (MATH)
                        Prof. Leonardo MARIANI (University of Milano-Bicocca)


**** ALL are Welcome ****