Tracking API calls of an Android application (app) has significant value for deeply understanding the app's running behaviors, so that to detect security damages, sensitive information leakages, energy consumptions, system resources occupations of the app, etc. However, existing methods track API calls of a target app through launching and manipulating the app in a real or simulated operating environment. The entire process is time consuming, which leads to low efficiency for practical system executing batch analysis for a considerable scale of apps. In order to enhance the speed of API calls tracking, in this paper, we propose a static analysis method, called EstiDroid, to estimate API calls of Android apps by statically analyzing the apps without actually running them. EstiDroid is composed of a static analyzer and an estimation algorithm. To analyze a target app, EstiDroid first obtains several types of static information from the app's .APK file via the static analyzer, then, the estimation algorithm is employed to establish the estimation model for the app based on the static information. Finally, according to the model, the proportion of each API's calls in the total number of calls is estimated. In experiments, 300 apps are tested via EstiDroid and manual operation in smartphone, the results show that EstiDroid only consumed 49242ms on average compared with manual testing, and it reached 84.06% average similarity and 90.74% maximum similarity compared with the API calls tracked in real environments.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.