Understanding and Detecting Evolution-Induced Compatibility Issues in Android Apps

The frequent release of the Android OS and its various versions brings many compatibility issues to Android apps. This paper studies and addresses such evolution-induced compatibility problems. We conduct an extensive empirical study over 11 different Android versions and 4,936 Android apps. Our study shows that there are drastic API changes between adjacent Android versions, with an average of 140.8 new types, 1,505.6 new methods, and 979.2 new fields introduced in each release. However, the Android Support Library (provided by the Android OS) supports less than 23% of the newly added methods, with much less support for new types and fields. As a result, 91.84% of Android apps write additional code to support different OS versions. Furthermore, 88.65% of this supporting code shares a common pattern: it directly compares the variable android.os.Build.VERSION.SDK_INT with a constant version number in order to use an API available only on particular versions. Based on our findings, we develop a new tool called IctApiFinder to detect incompatible API usages in Android applications. IctApiFinder effectively computes the OS versions on which an API may be invoked, using an inter-procedural data-flow analysis framework. It detects numerous incompatible API usages in 361 out of 1,425 apps. Compared to Android Lint, IctApiFinder is sound and able to reduce the false positives by 82.1%. We have reported the issues to 13 app developers. At present, 5 of them have been confirmed by the original developers and 3 of them have been fixed.
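The idea of computing the OS versions on which an API call may execute can be shown with a small model. This is an added example, not code from the paper or from IctApiFinder: it propagates the feasible range of SDK_INT through version guards and into callees, and flags API calls reachable on a version older than the API. The tuple encoding of statements, the method names and the minSdk/maxSdk values are assumptions made for the illustration.

```python
# Simplified illustration, not IctApiFinder's code. API levels below are a small sample table.
API_ADDED = {"Context.getColor": 23, "NotificationChannel.<init>": 26}

def refine(rng, op, level):
    """Split the feasible SDK_INT range at a guard: (then_range, else_range)."""
    lo, hi = rng
    at_least, below = (max(lo, level), hi), (lo, min(hi, level - 1))
    if op == ">=":
        return at_least, below
    if op == "<":
        return below, at_least
    raise ValueError(f"unsupported guard operator: {op}")

def walk(methods, name, block, rng, findings, stack):
    for stmt in block:
        if stmt[0] == "call":                      # framework API call
            added = API_ADDED[stmt[1]]
            if rng[0] < added:                     # reachable on an OS lacking the API
                findings.add((name, stmt[1], rng[0], min(rng[1], added - 1)))
        elif stmt[0] == "invoke":                  # app-internal call: carry the range in
            callee = stmt[1]
            if callee not in stack:                # skip recursive cycles
                walk(methods, callee, methods[callee], rng, findings, stack + (callee,))
        elif stmt[0] == "if":                      # if (SDK_INT <op> level) {...} else {...}
            _, op, level, then_block, else_block = stmt
            for r, b in zip(refine(rng, op, level), (then_block, else_block)):
                if r[0] <= r[1]:                   # branch is feasible on some version
                    walk(methods, name, b, r, findings, stack)

def find_incompatible(methods, entry, min_sdk, max_sdk):
    """Return sorted (method, api, first_bad_level, last_bad_level) findings."""
    findings = set()
    walk(methods, entry, methods[entry], (min_sdk, max_sdk), findings, (entry,))
    return sorted(findings)

# Constructed app model: createChannel is only reached under the guard, tint is not.
APP = {
    "onCreate": [("if", ">=", 26, [("invoke", "createChannel")], []),
                 ("invoke", "tint")],
    "createChannel": [("call", "NotificationChannel.<init>")],
    "tint": [("call", "Context.getColor")],
}

if __name__ == "__main__":
    for method, api, lo, hi in find_incompatible(APP, "onCreate", 19, 28):
        print(f"{method}: {api} may run on API levels {lo}-{hi}, where it does not exist")
```

Because the guard in `onCreate` narrows the range before `createChannel` is entered, the unguarded-looking call inside the callee is not reported, while the call in `tint` is.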
