Abstract:
Every Android application runs in its own virtual machine, with its own Linux user account
and corresponding permissions. Although this ensures that permissions are given as per each
application’s requirements, each permission itself is still broad enough to possible exploitation.
The heap memory can be accessed by default by all apps and can be misutilized to unimaginable
extents. Such exploitations may result in an over consumption of phone’s resources, in terms
of memory, battery, and communication bandwidth. In this work, we propose a tool called
R3, for the app developers and users to control application’s permissions at a fine granularity
thereby reducing the exploitation of permissions. We provide the developers an opportunity to
recycle the objects that are short lived and created in large numbers so that they can be reused
instead of getting garbage collected. The framework is based on static code analysis and code
instrumentation. It takes in compiled code and so does not require access to source code of
the application. As a case study, we passed publicly available applications through R3 to fine
tune their performance. We compared energy, data and memory consumed by these applications
before and after the code injection to corroborate our claims of improvement in performance. The
data consumption reduced by a factor of 12.2 after removing advertisements, energy consumption
reduced by a factor of 1.88 by optimizing the wake lock type and energy consumption reduced by
a factor of 3.7 after optimizing GPS location update frequency. The pause times due to garbage
collection reduced from 184 ms to 80 ms as the object pool size was increased from 0 to 1000.