Static and dynamic security analysis of apps for mobile devices
US-9811665-B1 · Nov 7, 2017 · US
US10025701B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10025701-B2 |
| Application number | US-201615207344-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 11, 2016 |
| Priority date | May 16, 2016 |
| Publication date | Jul 17, 2018 |
| Grant date | Jul 17, 2018 |
Official abstract text for this publication.
Various embodiments provide an automated testing analysis tool, termed a “pre-release analysis tool”, that tests applications for functional and nonfunctional requirements. In at least some embodiments, the pre-release analysis tool can perform both static analysis and dynamic analysis on an application. A report module can provide rich feedback, including actionable feedback, to an application developer in order to enable the developer to make their applications more secure, reliable, efficient, and performant. Actionable feedback can include feedback that suggests various remedial measures that an application developer may put in place in order to improve their applications. Application analysis can be performed in various different categories with actionable feedback provided in each. These different categories can include, by way of example and not limitation, application crashes, performance, security, usability, application statistics, code warnings, localization issues, and network issues.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for generating an application report for an application, the method comprising: receiving the application; performing a static analysis of the application; performing a dynamic analysis of the application by loading the application onto a plurality of devices and using an automated robot tester to walk through the application on each of the devices via inputs to the application that are generated by the automated robot tester; and generating the application report based on the static and dynamic analysis, the application report comprising: responsive to the automated robot tester causing a crash of the application on one of the devices during the dynamic analysis, one or more of the inputs to the application that the automated robot tester performed to cause the crash of the application; and responsive to determining a security vulnerability of the application by either the static or dynamic analysis, information describing the security vulnerability of the application.
2. The method of claim 1, wherein the application report further comprises a summary of the devices including device model name, operating system version, and language.
3. The method of claim 1, wherein the application report further comprises a screenshot of the application on one of the devices.
4. The method of claim 3, wherein the screenshot describes the crash of the application.
5. The method of claim 1, wherein the application report further comprises a performance problem experienced by the automated robot tester during the dynamic analysis that is separate and distinct from the crash of the application and the security vulnerability.
6. The method of claim 1, wherein the information describing the security vulnerability comprises severity information and information to remedy the security vulnerability.
7. The method of claim 6, wherein the information to remedy the security vulnerability comprises a link to an article about the security vulnerability.
8. The method of claim 1, wherein the application report further comprises a usability problem that is separate and distinct from the crash of the application and the security vulnerability.
9. The method of claim 8, wherein the usability problem comprises a problem with a layout or user interface of the application on one of the devices.
10. The method of claim 9, wherein the application report includes a screenshot of the layout or the user interface.
11. The method of claim 1, wherein the application report further comprises statistics of the application that are separate and distinct from the crash of the application and the security vulnerability.
12. The method of claim 1, wherein the application report further comprises a potential problem in the code of the application that is separate and distinct from the crash of the application or the security vulnerability.
13. The method of claim 1, wherein the application report further comprises a missing or wrong translation of text on one of the plurality of devices.
14. The method of claim 1, wherein the inputs are determined based upon a depth-first search approach that determines possible inputs that may cause the application to crash.
15. A system comprising: one or more processors; one or more computer readable storage media devices embodying computer readable instructions which, when executed by the one or more processors, cause the one or more processors to perform operations comprising: receiving an application; performing a static analysis of the application; performing a dynamic analysis of the application by loading the application onto a plurality of devices and using an automated robot tester to walk through the application on each of the devices via inputs to the application that are generated by the automated robot tester; and generating an application report based on the static and dynamic analysis, the application report comprising: responsive to the automated robot tester causing a crash of the application on one of the devices during the dynamic analysis, one or more of the inputs to the application that the automated robot tester performed to cause the crash of the application; and responsive to the static analysis or the dynamic analysis determining a security vulnerability of the application, information describing the security vulnerability of the application.
16. The system of claim 15, wherein the application report further comprises a summary of the devices including device model name, operating system version, and language.
17. The system of claim 15, wherein the application report further comprises a screenshot that describes the crash of the application.
18. The system of claim 15, wherein the application report further comprises a performance problem experienced by the automated robot tester during the dynamic analysis that is separate and distinct from the crash of the application and the security vulnerability.
19. The system of claim 15, wherein the inputs are determined based upon a depth-first search approach that determines possible inputs that may cause the application to crash.
20. The system of claim 15, wherein the application report further comprises a problem with a layout or user interface of the application on one of the devices.
for test execution, e.g. scheduling of test suites · CPC title
Test or assess software · CPC title
by runtime analysis (performance monitoring G06F11/3466) · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
Testing of software · CPC title