Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Update Notice May, 2021

Muse repository description is currently going through update.

There are two branches that require attention in terms of latest development. In chronologically ascending order, these are:

The website is also being updated accordingly.

Muse (alternatively µSE) is a mutation-based soundness evaluation framework which systematically evaluates Android static analysis tools to discover, document, and fix, flaws, by leveraging the well-founded practice of mutation analysis.

More information about Muse can be found in our TOPS'21 paper and on our website.

The original Muse tool was written by Richie Bonnett, done as a part of W&M's Software Engineering course, CSCI 435, year 2018, details of which can be found in USENIX Security'18 paper.


The source code of Muse is available in Code section of this repository. It is maintained using the open source Eclipse Java IDE. To compile, simply clone this repo, and then import the project as a Java project in Eclipse.

Pre compiled Binary

Alternatively, you can use the Muse.jar file by downloading it from the releases section.


Muse relies on MDroidPlus. You will need the libs4ast folder of that project in order to run Muse.

To run Muse, use the following command, specifying the required arguments:

java -jar Muse-1.0.0.jar <libs4ast> <AppSourceCode> <AppName> <OutputPath> <OperatorType>

If running Muse within a IDE like Eclipse, import only the Muse folder within the code subdirectory, or else you might get a java.lang.SecurityException error when running


Provide the following list of required arguments when running Muse:

  1. libs4ast: path of the lib4ast folder, from MDroidPlus
  2. AppSourceCode: path of the Android app source code folder, which you want to apply mutation on;
  3. AppName: Name of the App;
  4. Output: Path of the folder where the mutants will be created;
  5. OperatorType: Type of operator to be used while creating mutants. Currently supported arguments are: SOURCE, SINK, TAINT, REACHABILITY, TAINTSINK, and COMPLEXREACHABILITY.


java -jar Muse-1.0.0.jar MDroidPlus/libs4ast/ /tmp/AppFoo/src/ AppFoo /tmp/mutants/ TAINTSINK

This will create a folder called AppFoo under /tmp/mutants where the mutated source files will be stored.

Muse Processor Helper Utility

We have created the Muse processor utility using python, which makes it easier to mutate android projects by generating relevant shell script files. To work with it, you need to replace the file paths, and edit the file called input_folders. In the file, you need to provide the list of directories containing Android projects. The provided input_folders already contains sample values.


If you use Muse for academic purposes, please cite:

Amit Seal Ami, Kaushal Kafle, Kevin Moran, Adwait Nadkarni, and Denys Poshyvanyk. 2021. Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques. ACM Trans. Priv. Secur. 24, 3, Article 15 (April 2021), 37 pages. DOI:

author = {Ami, Amit Seal and Kafle, Kaushal and Moran, Kevin and Nadkarni, Adwait and Poshyvanyk, Denys},
title = {Systematic Mutation-Based Evaluation of the Soundness of Security-Focused Android Static Analysis Techniques},
year = {2021},
issue_date = {April 2021},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
volume = {24},
number = {3},
issn = {2471-2566},
url = {},
doi = {10.1145/3439802},
journal = {ACM Trans. Priv. Secur.},
month = feb,
articleno = {15},
numpages = {37},
keywords = {CryptoPAn, Network trace anonymization, semantic attacks}

Future Work

Currently Muse is oriented towards the evaluation of static analysis tools for Android data leak detection. We intend to expand Muse by developing additional security operators and mutation schemes for tools with other goals, e.g. SSL verification.

This repository is for a refactoring and expansion of the original muse tool built by Richie Bonnett, which is available here.

Team Members

  • Amit Seal Ami
  • Liz Weech
  • Yang Zhang