Property-based Testing for Validating User Privacy-Related Functionalities in Social Media Apps
There are various privacy-related functionalities in social media apps. For example, users of TikTok can upload videos that record their daily activities and specify which users can view these videos. Ensuring the correctness of these functionalities is crucial. Otherwise, it may threaten the users’ privacy or frustrate users. Due to the absence of appropriate automated testing techniques, manual testing remains the primary approach for validating these functionalities in the industrial setting, which is cumbersome, error-prone, and inadequate due to its small-scale validation. To this end, we adapt property-based testing to validate app behaviors against the properties described by the given privacy specifications. Our key idea is that privacy specifications maintained by testers written in natural language can be transformed into the Büchi automata, which can be used to determine whether the app has reached unexpected states as well as guide the test case generation. To support the application of our approach, we implemented an automated GUI testing tool, PDTDroid, which can detect the app behavior that is inconsistent with the checked privacy specifications. Our evaluation on TikTok, involving 125 real privacy specifications, shows that PDTDroid can efficiently validate privacy-related functionality and reduce manual effort by an average of 95.2% before each app release. Our further experiments on six popular social media apps show the generability and applicability of PDTDroid. During the evaluation, PDTDroid also found 22 previously unknown inconsistencies between the specification and implementation in these extensively tested apps (including four privacy leakage bugs, nine privacy-related functional bugs, and nine specification issues).
Fri 19 JulDisplayed time zone: Brasilia, Distrito Federal, Brazil change
11:00 - 12:30 | Testing 4Research Papers / Industry Papers at Pitanga Chair(s): Antonia Bertolino National Research Council, Italy | ||
11:00 18mTalk | Partial Solution Based Constraint Solving Cache in Symbolic Execution Research Papers Ziqi Shuai School of Computer, National University of Defense Technology, China, Zhenbang Chen College of Computer, National University of Defense Technology, Kelin Ma School of Computer, National University of Defense Technology, China, Kunlin Liu School of Computer, National University of Defense Technology, China, Yufeng Zhang Hunan University, Jun Sun School of Information Systems, Singapore Management University, Singapore, Ji Wang School of Computer, National University of Defense Technology, China Pre-print | ||
11:18 18mTalk | Natural Symbolic Execution-based Testing for Big Data Analytics Research Papers Yaoxuan Wu UCLA, Ahmad Humayun Virginia Tech, Muhammad Ali Gulzar Virginia Tech, Miryung Kim UCLA and Amazon Web Services Pre-print | ||
11:36 18mTalk | MTAS: A Reference-Free Approach for Evaluating Abstractive Summarization Systems Research Papers Xiaoyan Zhu Zhejiang Sci-Tech University, Mingyue Jiang Zhejiang Sci-Tech University, Xiao-Yi Zhang University of Science and Technology Beijing, Liming Nie Nanyang Technological University, Zuohua Ding Zhejiang Sci-Tech University | ||
11:54 18mTalk | Observation-based unit test generation at Meta Industry Papers Mark Harman Meta Platforms, Inc. and UCL, Rotem Tal Meta platforms, Alexandru Marginean Meta platforms, Eddy Wang Meta platforms, Nadia Alshahwan Meta Platforms | ||
12:12 18mTalk | Property-based Testing for Validating User Privacy-Related Functionalities in Social Media Apps Industry Papers Jingling Sun University of Electronic Science and Technology of China, Ting Su East China Normal University, Jun Sun School of Information Systems, Singapore Management University, Singapore, Jianwen Li East China Normal University, China, Mengfei Wang ByteDance, Geguang Pu East China Normal University, China | ||