A Static Analysis of Android Source Code for Lifecycle Development Usage Patterns

Building robust Android apps is a non-trivial task that requires skilled developers who understand various Android platform peculiarities. However, a large fraction of the Android developer community is considered to be novice and inexperienced. One of the main peculiarities of Android app development is the activity lifecycle model. A developer needs a deep understanding of the different lifecycle states and callback methods that an Android activity can go through during its runtime. These callback methods are called by the system whenever an app activity changes its state. The developer needs to override the appropriate callback methods correctly to avoid memory leaks, data loss, and other compromise of phone resources. Detailed static analysis of software applications provides actionable insights and helps us understand how applications are actually built. Although many studies have focused on static analysis of Android apps in the areas of testing, quality, design, privacy and security, no study to date has focused on lifecycle development practices and usage patterns. In this paper, we analyzed 842 open-source Android apps containing 5577 activities to explore and understand how Android developers actually comply with best practices regarding the Android activity lifecycle model. We developed a tool named SAALC that is capable of analyzing Android activities and extracting valuable information about the usage of lifecycle callback methods. Our results show which callback methods are implemented and the nature of the code they contain. The results also show incorrect implementation of the callback methods and incorrect acquiring and releasing of system resources in many Android apps, and we argue that a relatively large fraction of Android developers do not understand the app lifecycle model sufficiently well. We also discuss our results in comparison to the Android app lifecycle model best practices.
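To make concrete what a lifecycle-usage static check of the kind the abstract describes looks like, here is a small added example in Python. It is not SAALC and not code from the paper; the checks, the acquire/release pairing table and the two sample activities are constructed for illustration. The callback names (onCreate, onResume, onPause, ...) and API names (registerReceiver, unregisterReceiver, requestLocationUpdates, removeUpdates, WakeLock.acquire/release) are real Android identifiers, but the rule that a resource acquired in one callback must be released in its counterpart is this example's assumption. The checker extracts each overridden lifecycle callback by brace matching, then reports three usage-pattern findings: an override that does not chain to super, an override whose body contains nothing but the super call, and a resource acquired in a callback whose counterpart never releases it.

```python
"""Lifecycle-usage checker for Android Activity source (added example, not SAALC).

Assumptions (not from the paper): the rules below and the two sample
activities are constructed; only the Android callback and API names are real.
"""
import re

# Overrides of these Activity callbacks must chain to super; the platform
# enforces this for the six core callbacks with SuperNotCalledException.
SUPER_REQUIRED = {"onCreate", "onStart", "onResume", "onPause", "onStop", "onDestroy"}

# Callback in which a resource is typically acquired -> callback that should release it.
PAIRED_CALLBACK = {"onCreate": "onDestroy", "onStart": "onStop", "onResume": "onPause"}

# (acquire API, release API) pairs to track. Pairing rule is this example's assumption.
RESOURCE_PAIRS = [
    ("registerReceiver(", "unregisterReceiver("),
    ("requestLocationUpdates(", "removeUpdates("),
    (".acquire(", ".release("),  # e.g. PowerManager.WakeLock
]

_CALLBACK_RE = re.compile(
    r"\bvoid\s+(on(?:Create|Start|Restart|Resume|Pause|Stop|Destroy))\s*\(")


def _method_body(source, start):
    """Return the text between the braces of the method whose header begins at `start`.
    Naive brace matching: braces inside string literals or comments are not handled."""
    open_idx = source.index("{", start)
    depth = 0
    for i in range(open_idx, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[open_idx + 1:i]
    raise ValueError("unbalanced braces in method starting at offset %d" % start)


def extract_callbacks(source):
    """Map each overridden lifecycle callback name to its body text."""
    return {m.group(1): _method_body(source, m.end()) for m in _CALLBACK_RE.finditer(source)}


def analyze_activity(source):
    """Return a sorted list of findings for one Activity's Java source."""
    callbacks = extract_callbacks(source)
    findings = []
    for name, body in callbacks.items():
        if name in SUPER_REQUIRED and ("super." + name + "(") not in body:
            findings.append("missing-super:" + name)
        # An override that only chains to super adds nothing; worth counting as a pattern.
        if not re.sub(r"super\.\w+\([^)]*\);", "", body).strip():
            findings.append("empty-override:" + name)
        release_in = PAIRED_CALLBACK.get(name)
        for acquire, release in RESOURCE_PAIRS:
            if acquire not in body or release_in is None:
                continue  # not acquired here, or acquired where no counterpart exists
            if release not in callbacks.get(release_in, ""):
                findings.append("unreleased:%s acquired in %s, no %s in %s"
                                % (acquire.rstrip("("), name, release.rstrip("("), release_in))
    return sorted(findings)


def callback_usage(sources):
    """Count how many of the given activities override each lifecycle callback."""
    counts = {}
    for src in sources:
        for name in extract_callbacks(src):
            counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample: registers a receiver in onResume, never unregisters it,
# skips the super call in onPause, and overrides onDestroy with nothing but super.
LEAKY_SRC = """
public class LeakyActivity extends Activity {
    private BroadcastReceiver receiver = new NetworkReceiver();

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
    }

    @Override
    protected void onResume() {
        super.onResume();
        registerReceiver(receiver, new IntentFilter(ConnectivityManager.CONNECTIVITY_ACTION));
    }

    @Override
    protected void onPause() {
        // no chaining to the superclass here, and the receiver is never released
        saveDraft();
    }

    @Override
    protected void onDestroy() {
        super.onDestroy();
    }
}
"""

# Constructed sample: same activity with the receiver released in the paired callback.
CLEAN_SRC = """
public class CleanActivity extends Activity {
    private BroadcastReceiver receiver = new NetworkReceiver();

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.main);
    }

    @Override
    protected void onResume() {
        super.onResume();
        registerReceiver(receiver, new IntentFilter(ConnectivityManager.CONNECTIVITY_ACTION));
    }

    @Override
    protected void onPause() {
        super.onPause();
        unregisterReceiver(receiver);
    }
}
"""

if __name__ == "__main__":
    for src in (LEAKY_SRC, CLEAN_SRC):
        print(analyze_activity(src) or ["no findings"])
    print(callback_usage([LEAKY_SRC, CLEAN_SRC]))
```

The text-level matching is deliberately simple: it will miss a release performed through a helper method and it treats comments as code, so a real tool would work on an AST (or bytecode) rather than raw text. What it does show is the shape of the two questions the paper asks of each activity, namely which callbacks are overridden and whether what they acquire is released in the right place.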
