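Institute of Information Technology, Guilin University of Electronic Technology
Graduation Project (Thesis) Foreign-Language Translation
(Original Text)
Department: Department of Information Engineering  Major: Software Engineering  Student name: ***  Student ID: **********
Supervisor's institution: School of Computer Science and Engineering *
Name: ***
Title: Professor
May 26, 2016
Foreign-Language Original Text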
How Android conquered the mobile world in just three years
Network World (Online), 2010
The advent of the Droid seen by many as turning point for Google in mobile market
It's easy to forget that not so long ago, no one was sure if Android would ever be relevant.
After all, the Android explosion has really only erupted over the past year, roughly two years after Android made its debut in the fall of 2007. Since January alone, Android has doubled its total market share in the mobile operating system market, and devices based on Android accounted for a whopping 44% of smartphones purchased in the third quarter of 2010, according to research firm ChangeWave. Research firm Gartner has projected that by the end of the year sales of Android devices will exceed those based on the BlackBerry OS and the iPhone OS, meaning that Android will trail only Symbian as the world's most-used mobile operating system.
But for the first two years of its existence, Android had a tough time making major waves. The first device to be based on Android, T-Mobile's HTC G1, made its debut in the fall of 2008 and was mostly overshadowed by more high-profile smartphones such as the Apple iPhone and the BlackBerry Storm. Morgan Slain, the CEO of mobile applications developer SplashData, says that this lack of initial success led a lot of application developers to hesitate before investing too many resources in developing for the platform, despite the fact that it was free and open source.
"We started early doing Android development but at first it was all hype and no sales," he says. "It was a new platform for us. It seemed to have a lot of potential but it was frustrating that there weren't any sales coming in for us."
Scott Webster, who has been covering Android for the past three years as one of the founders of the popular Android Guys blog, says he got a similar vibe from developers he talked to during Android's early years.
"The initial buzz from developers was, 'We don't know what this is yet,'" he says. "There was a huge wait-and-see approach."
Google plugged a large chunk of cash into bringing application developers on board with Android by offering a total of $10 million in prizes as part of its Android Developer Challenge during Android's initial launch. Slain says that while his company and many others entered the challenge, they were still greatly unsure of Android's long-term potential since the operating system wasn't yet available on any marquee devices and there was a sense that Android was "all buzz" without anything to back it up.
That's not to say that Android as a development platform was not enticing. Since Android is a Linux platform that uses Java as its programming language, most software developers on the market found that writing programs for the operating system was a breeze. Google also went out of its way to make posting a new application on the Android Market a snap, as the company does not screen applications sent to the store and will only remove them if it has received legitimate customer complaints.
"Google did a lot of things right when it designed Android," says IDC analyst Steve Drake. "They made it open, they made it very clean, they tried to keep it simple in terms of its code and offerings and they moved very quickly to make sure each new version of the OS contained real improvements."
So the operating system itself was fine. Now all it needed was a device to drive popularity.
Enter the Droid
Android got its big break last November with the release of the Motorola Droid on the Verizon network. The Droid's release was important because it marked the first time that an Android-based device was being supported by either of the nation's two largest wireless carriers. Verizon decided to aggressively market the Droid as a better alternative to the Apple iPhone by pointing out that the Droid had a physical keyboard and the ability to run simultaneous applications. And while the Droid didn't sell as many units as the iPhone, it did sell well over 1 million, thus putting Android firmly on the mobile operating system map.
Slain says that the impact of the Droid on his company's sales was immediate and significant.
"We noticed a difference literally overnight," he says. "And ever since the Droid launch it's been a consistently strong platform."
Paul Carton, the vice president of research at ChangeWave, notes that interest in Motorola products among corporate users doubled between August 2009 and November 2009, as the number of corporate users surveyed by ChangeWave who planned to buy Motorola products surged from 5% to 10% over the span of three months.
"We were surprised by the monstrous leap in Motorola interest last year," Carton says. "Do you see anything else that looks like that a year ago? It's all because of Android."
Verizon decided to apply the "Droid" brand to several other Android phones on its network, including the HTC Droid Incredible, the Motorola Droid X and the Motorola Droid Pro. Couple this with the fact that the first WiMAX-based phone available in the United States was also based on Android and you have several high-profile devices that have made Android a national brand. And what's more, people seem to be very pleased with Android devices as 67% of Android users surveyed by ChangeWave said they were very satisfied with the operating system, second only to the 71% of iPhone users who said they were satisfied with the iPhone OS.
Looking ahead, it seems that Android will try to make headway into the rapidly growing market for tablet computers that is currently being dominated by Apple's iPad. Although Android has already been used as the operating system for tablets such as the Samsung Galaxy, Google is working on a new version of the software that will be optimized for large-screen devices in ways that current versions aren't. Webster says it will be interesting to see how much Google tinkers with Android to make it a better fit for tablets.
"Will they change the experience for swiping and for dragging and dropping?" he wonders. "We'll have to wait until next year, though, because it could be six months before we see tablet optimization for Android."
VulHunter: Toward Discovering Vulnerabilities in Android Applications
IEEE Micro 2015 Vol.35 No.1 P44-53
With the prosperity of the Android app economy, many apps have been published and sold in various markets. However, short development cycles and insufficient security development guidelines have led to many vulnerable apps. Although some systems have been developed for automatically discovering specific vulnerabilities in apps, their effectiveness and efficiency are usually restricted because of the exponential growth of paths to examine and simplified assumptions. In this article, the authors propose a new static-analysis framework for facilitating security analysts to detect vulnerable apps from three aspects. First, they propose an app property graph (APG), a new data structure containing detailed and precise information from apps. Second, by modeling app-related vulnerabilities as graph traversals, the authors conduct graph traversals over APGs to identify vulnerable apps for easing the identification process. Third, they reduce the workload of manual verification by removing infeasible paths and generating attack inputs whenever possible. They have implemented the framework in a system named VulHunter with 9,145 lines of Java code and modeled five types of vulnerabilities. Checking 557 popular apps that are randomly collected from Google Play and have at least 1 million installations, the authors found that 375 apps (67.3 percent) have at least one vulnerability.
With the mobile Internet's prosperity, recent years have witnessed an unprecedented number of Android applications (“apps”) published and sold in app markets. However, short development cycles and insufficient security development guidelines have led to many vulnerable apps. After analyzing 2,107 apps from companies on the Forbes Global 2000, HP research recently found that 90 percent of apps are vulnerable (http://zd.net/1FK7I5b).
Motivated by recent research¹, we propose a new static-analysis framework to facilitate vulnerability discovery for apps by extracting detailed and precise information from apps, easing the identification process, and reducing the manual-verification workload. More precisely, we design a novel data structure called the app property graph (APG), which smoothly integrates abstract syntax trees (ASTs), an interprocedure control-flow graph (ICFG), a method-call graph (MCG), and a system dependency graph (SDG) to represent each app. Although the APG is motivated by the code property graph (CPG)¹, the APG differs from the CPG due to the significant difference between apps and C source codes (see the “Related Work in Vulnerability Discovery” sidebar for details). For example, the APG employs the ICFG, MCG, and SDG to characterize the frequent interprocedure and intercomponent communications in apps. The APG also incorporates permissions and other unique features in apps as properties. To ease the identification process, we model common vulnerabilities of apps reported in the Common Vulnerabilities and Exposures (CVE) system as graph traversals and detect vulnerable apps by conducting graph traversals over APGs. Note that each app needs to be processed just once for extracting APG and then we can conduct various graph traversals, including those extracted from new vulnerability patterns. Moreover, to reduce the manual-verification workload, we employ symbolic execution to filter out infeasible paths and suggest attack inputs whenever possible.
In creating the APG, we tackled many challenges, including dealing with object references and inheritance in Shimple IR codes and handling Android's event-driven mechanism. Also, we propose an approach to convert Shimple IR codes to SMT-Lib2 codes so that the existing SMT solver can be used. Finally, we implemented the framework in VulHunter with 9,145 lines of Java codes. We modeled five common vulnerabilities as graph traversals and checked the security of 577 popular apps, each of which has more than 1 million installations. The result shows that 375 apps have at least one vulnerability.
Figure 1 depicts the major steps in our framework, which has three necessary steps and three optional steps, depending on the type of vulnerability. VulHunter has implemented all these steps. We use a real vulnerable app, GoSMS Pro (com.jb.gosms, v3.72), to illustrate how VulHunter works. This app has an exported service, CellValidateService, which sends a short message service (SMS) according to incoming intents. Because this service does not sanitize incoming intents, an adversary can send a crafted intent for triggering GoSMS to send an SMS to an arbitrary destination address. Figure 2 illustrates the vulnerable code snippet, the corresponding Shimple IR code, and its APG.
VulHunter first constructs an app's APG according to its AndroidManifest.xml and classes.dex and then stores it in a graph database, which uses graph structures (including nodes, edges, and properties) to represent and store data. AndroidManifest.xml provides essential information about an app, such as required permissions and intent filters.
We use Soot (http://bit.ly/1veFjB8) to disassemble classes.dex into Shimple IR code (http://bit.ly/1zbB3BM) and then construct the AST, MCG, ICFG, and SDG. These data structures compose an app's APG, denoted as Formula. Formula is the set of nodes that denote classes, methods, statements, class fields, instance fields, operands, and operators. Different kinds of nodes have different labels. Formula is the set of edges (or relationships) that represent connections among classes, methods, and statements, such as the data dependency and control dependency in the SDG, syntax relations in the AST, and control flow in the CFG. Formula is the set of properties that represent the attributions of nodes and relationships. For instance, the properties of a class node include method signature, name, modifier, argument count, and whether it is an entry of certain component. The properties of dependency relationships record the condition (“true” or “false”) of If-Stmt, or the lookup value of TableSwitch-Stmt and PackedSwitch-Stmt.
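An added example (not from the VulHunter paper or its code base) of modeling a vulnerability as a traversal over a property graph of labelled nodes, typed edges and properties, using the exported-service case described above. The edge names, property names, the method name `onStart` and the statement text are assumptions made for illustration; only `CellValidateService` comes from the text.

```python
from collections import deque

class APG:
    """Tiny property graph: labelled nodes, typed edges, free-form properties."""
    def __init__(self):
        self.nodes, self.edges = {}, []
    def add_node(self, nid, label, **props):
        self.nodes[nid] = {"label": label, **props}
    def add_edge(self, src, dst, etype):
        self.edges.append((src, dst, etype))
    def out(self, nid, etype):
        return [d for s, d, t in self.edges if s == nid and t == etype]

def find_intent_to_sms(g):
    """Exported, unprotected class -> entry method -> statement that reads the
    Intent -> data-dependency path -> SMS sink, stopping at any sanitizer."""
    findings = []
    for cid, c in g.nodes.items():
        if c["label"] != "class" or not c.get("exported") or c.get("permission"):
            continue
        for mid in (m for m in g.out(cid, "HAS_METHOD") if g.nodes[m].get("entry")):
            for src in (s for s in g.out(mid, "CONTAINS") if g.nodes[s].get("reads_intent")):
                queue, seen = deque([[src]]), {src}
                while queue:
                    path = queue.popleft()
                    node = g.nodes[path[-1]]
                    if node.get("sanitizer"):
                        continue              # value is validated here: prune the path
                    if node.get("sink") == "sendTextMessage":
                        findings.append((c["name"], path))
                        continue
                    for nxt in g.out(path[-1], "DATA_DEP"):
                        if nxt not in seen:
                            seen.add(nxt)
                            queue.append(path + [nxt])
    return findings

def build_sample(with_check):
    """Constructed graph; method name and statement text are hypothetical."""
    g = APG()
    g.add_node("c1", "class", name="CellValidateService", exported=True, permission=None)
    g.add_node("m1", "method", name="onStart", entry=True)
    g.add_node("s1", "stmt", code="dest = intent.getStringExtra(KEY)", reads_intent=True)
    g.add_node("s2", "stmt", code="addr = check(dest)" if with_check else "addr = dest",
               sanitizer=with_check)
    g.add_node("s3", "stmt", code="sms.sendTextMessage(addr, ...)", sink="sendTextMessage")
    for src, dst, etype in [("c1", "m1", "HAS_METHOD"), ("m1", "s1", "CONTAINS"),
                            ("s1", "s2", "DATA_DEP"), ("s2", "s3", "DATA_DEP")]:
        g.add_edge(src, dst, etype)
    return g
```

Calling `find_intent_to_sms(build_sample(False))` reports the class and the statement path from the Intent read to the SMS call; with a validating statement on the path, or a permission set on the class, the traversal returns nothing.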