nach oben

Erschienen in:

07.10.2020

API compatibility issues in Android: Causes and effectiveness of data-driven detection techniques

verfasst von: Simone Scalabrino, Gabriele Bavota, Mario Linares-Vásquez, Valentina Piantadosi, Michele Lanza, Rocco Oliveto

Erschienen in: Empirical Software Engineering | Ausgabe 6/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Android fragmentation is a well-known issue referring to the adoption of different versions in the multitude of devices supporting such an operating system. Each Android version features a set of APIs provided to developers. These APIs are subject to changes and may cause compatibility issues. To support app developers, approaches have been proposed to automatically identify API compatibility issues. CiD, the state-of-the-art approach, is a data-driven solution learning how to detect those issues by analyzing the change history of Android APIs (“API side” learning). In this paper (extension of our MSR 2019 paper), we present an alternative data-driven approach, named ACRyL. ACRyL learns from changes implemented in apps in response to API changes (“client side” learning). When comparing these two solutions on 668 apps, for a total of 11,863 snapshots, we found that there is no clear winner, since the two techniques are highly complementary, and none of them provides a comprehensive support in detecting API compatibility issues: ACRyL achieves a precision of 7.0% (28.0%, when considering only the severe warnings), while CiD achieves a precision of 18.4%. This calls for more research in this field, and led us to run a second empirical study in which we manually analyze 500 pull-requests likely related to the fixing of compatibility issues, documenting the root cause behind the fixed issue. The most common causes are related to changes in the Android APIs (\(\sim \) 87%), while about 13% of the issues are related to external causes, such as build and distribution, dependencies, and the app itself. The provided empirical knowledge can inform the building of better tools for the detection of API compatibility issues.

Vorheriger Artikel How agile teams make self-assignment work: a grounded theory study

Nächster Artikel On the time-based conclusion stability of cross-project defect prediction models

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

https://github.com/libgdx/libgdx/issues/5059

A third attribute, android:maxSdkVersion, does also exist, but the Android documentation recommends to not declare it, since by default it is set to the latest available API version.

https://developer.android.com/guide/topics/manifest/uses-sdk-element

https://developer.android.com/reference/android/os/Build.VERSION_CODES

https://developer.android.com/topic/libraries/support-library

We used CiD instead of IctApiFinder since it is publicly available.

http://code.google.com/p/dex2jar

http://wala.sourceforge.net/

We identified Android APIs by checking the package the class implementing the API comes from. The list of packages we consider as part of the Android APIs is available in our replication package.

https://www.f-droid.org/

https://github.com/andresth/Kandroid/commit/0b0d04

https://github.com/gsantner/dandelion/commit/af0070

https://github.com/no-go/RickApp/commit/05efde

https://developer.android.com/preview

https://github.com/ankidroid/Anki-Android/pull/4897

https://developer.android.com/about/versions/marshmallow/android-6.0-changes

https://developer.android.com/about/versions/nougat/android-7.0-changes

https://github.com/SilenceIM/Silence/pull/45

https://developer.android.com/about/versions/android-5.1

https://github.com/andOTP/andOTP/pull/160

https://github.com/tuskyapp/Tusky/pull/731

https://github.com/lordi/tickmate/pull/76

https://github.com/xargsgrep/PortKnocker/pull/15

https://github.com/mozilla-mobile/focus-android/pull/3053

https://developer.android.com/about/versions/marshmallow/android-6.0-changes

https://developer.android.com/about/versions/oreo/android-8.0-changes

https://github.com/sandsmark/QuasselDroid/pull/286

https://github.com/openhab/openhab-android/pull/592

https://developer.android.com/about/versions/pie/android-9.0-changes-28

https://github.com/wallabag/android-app/pull/794

https://github.com/wallabag/android-app/pull/311

https://developer.android.com/about/versions/marshmallow/android-6.0-changes

https://github.com/syncthing/syncthing-android/pull/918

Amann S, Nadi S, Nguyen HA, Nguyen TN, Mezini M (2016) MUBench: A benchmark for API-misuse detectors. In: Proceedings of the 13th IEEE/ACM Working Conference on Mining Software Repositories, MSR. https://doi.org/10.1109/MSR.2016.055, pp 464–467

Amann S, Nguyen HA, Nadi S, Nguyen TN, Mezini M (2018) A systematic evaluation of static API-misuse detectors. IEEE Transactions on Software Engineering, https://doi.org/10.1109/TSE.2018.2827384

Backes M, Bugiel S, Derr E, McDaniel P, Octeau D, Weisgerber S (2016) On demystifying the android application framework: Re-visiting android permission specification analysis. In: 25th {USENIX} security symposium ({USENIX} security 16), pp 1101–1118

Bartel A, Klein J, Le Traon Y, Monperrus M (2012) Automatically securing permission-based software by reducing the attack surface: An application to android. In: 2012 Proceedings of the 27th IEEE/ACM international conference on automated software engineering. IEEE, pp 274–277

Bavota G, Linares-Vásquez M, Bernal-Cárdenas CE, Penta MD, Oliveto R, Poshyvanyk D (2015) The impact of API change- and fault-proneness on the user ratings of Android apps. IEEE Trans Softw Eng 41(4):384–407. https://doi.org/10.1109/TSE.2014.2367027CrossRef

Brito G, Hora A, Valente MT, Robbes R (2016) Do developers deprecate APIs with replacement messages? A large-scale analysis on java systems. In: Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering, SANER. https://doi.org/10.1109/SANER.2016.99, vol 1, pp 360–369

Choudhary SR, Gorla A, Orso A (2015) Automated test input generation for Android: Are we there yet?. In: Proceedings of the 30th IEEE/ACM international conference on automated software engineering, IEEE Computer Society, ASE, pp 429–440, https://doi.org/10.1109/ASE.2015.89

Dilhara M, Cai H, Jenkins J (2018) Automated detection and repair of incompatible uses of runtime permissions in android apps. In: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems. ACM, pp 67–71

Fazzini M, Orso A (2017) Automated cross-platform inconsistency detection for mobile apps. In: Proceedings of the 32Nd IEEE/ACM international conference on automated software engineering. IEEE Press, pp 308–318

Han D, Zhang C, Fan X, Hindle A, Wong K, Stroulia E (2012) Understanding android fragmentation with topic analysis of vendor-specific bugs. In: Proceedings of the 19th working conference on reverse engineering. WCRE, pp 83–92 https://doi.org/10.1109/WCRE.2012.18

He D, Li L, Wang L, Zheng H, Li G, Xue J (2018) Understanding and detecting evolution-induced compatibility issues in Android apps. In: Proceedings of the 33rd ACM/IEEE international conference on automated software engineering. ACM, ASE, pp 167–177, https://doi.org/10.1145/3238147.3238185

Joorabchi ME, Mesbah A, Kruchten P (2013) Real challenges in mobile app development. In: Proceedings of the ACM/IEEE International symposium on empirical software engineering and measurement. ESEM, pp 15–24 https://doi.org/10.1109/ESEM.2013.9

Li L, Bissyandé TF, Le Traon Y, Klein J (2016) Accessing inaccessible Android APIs: An empirical study. In: Proceedings of the IEEE international conference on software maintenance and evolution. ICSME, pp 411–422 https://doi.org/10.1109/ICSME.2016.35

Li L, Bissyandé TF, Wang H, Klein J (2018a) CiD: Automating the detection of API-related compatibility issues in Android apps. In: Proceedings of the 27th ACM SIGSOFT international symposium on software testing and analysis. ISSTA, pp 153–163

Li L, Gao J, Bissyandé TF, Ma L, Xia X, Klein J (2018b) Characterising deprecated Android APIs. In: Proceedings of the 15th international conference on mining software repositories. MSR, pp 254–264

Linares-Vásquez M, Bavota G, Bernal-Cárdenas C, Di Penta M, Oliveto R, Poshyvanyk D (2013) API change and fault proneness: A threat to the success of Android apps. In: Proceedings of the 9th Joint meeting on foundations of software engineering. ACM, ESEC/FSE, pp 477–487, https://doi.org/10.1145/2491411.2491428

Linares-Vásquez M, Bavota G, Di Penta M, Oliveto R, Poshyvanyk D (2014) How do API changes trigger stack overflow discussions? a study on the Android SDK. In: Proceedings of the 22nd International Conference on Program Comprehension. ACM, ICPC, pp 83–94, https://doi.org/10.1145/2597008.2597155

Linares-Vásquez M, Moran K, Poshyvanyk D (2017) Continuous, evolutionary and large-scale: A new perspective for automated mobile app testing. In: Proceedings of the IEEE International Conference on Software Maintenance and Evolution. ICSME, pp 399–410 https://doi.org/10.1109/ICSME.2017.27

Luo T, Wu J, Yang M, Zhao S, Wu Y, Wang Y (2018) MAD-API: Detection, Correction and explanation of API misuses in distributed android applications. In: Proceedings of the 7th International conference on artificial intelligence and mobile services. Springer International Publishing, pp 123–140

McDonnell T, Ray B, Kim M (2013 ) An empirical study of API stability and adoption in the Android ecosystem. In: Proceedings of the IEEE international conference on software maintenance. https://doi.org/10.1109/ICSM.2013.18. IEEE Computer Society, ICSM, pp 70–79

Mutchler P, Safaei Y, Doupé A, Mitchell J (2016) Target fragmentation in Android apps. In: Proceedings of the IEEE Security and Privacy Workshops, SPW, pp 204–213, https://doi.org/10.1109/SPW.2016.31

Robbes R, Lungu M, Röthlisberger D (2012) How do developers react to API deprecation?: The case of a Smalltalk ecosystem. In: Proceedings of the 20th ACM SIGSOFT International Symposium on the Foundations of Software Engineering. ACM, FSE, pp 56:1–56:11 https://doi.org/10.1145/2393596.2393662

Sawant AA, Robbes R, Bacchelli A (2016) On the reaction to deprecation of 25,357 clients of 4 + 1 popular java APIs. In: Proceedings of the IEEE International Conference on Software Maintenance and Evolution, ICSME, pp 400–410 https://doi.org/10.1109/ICSME.2016.64

Scalabrino S, Bavota G, Linares-Vásquez M, Lanza M, Oliveto R (2019) Data-driven solutions to detect API compatibility issues in android: an empirical study. In: Proceedings of the 16th International Conference on Mining Software Repositories, MSR 2019, 26–27 May 2019, Montreal, Canada pp 288–298

Scalabrino S, Bavota G, Linares-Vásquez M, Piantadosi V, Lanza M, Oliveto R (2020) Replication package. https://dibt.unimol.it/report/acryl-emse/

Spencer D (2009) Card sorting: Designing usable categories. Rosenfeld Media

Wei L, Liu Y, Cheung SC (2016) Taming Android fragmentation: Characterizing and detecting compatibility issues for Android apps. In: Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ASE, pp 226–237

Wu D, Liu X, Xu J, Lo D, Gao D (2017) Measuring the declared SDK versions and their consistency with API calls in Android apps. In: Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications. Springer International Publishing, pp 678–690

Zhang Z, Cai H (2019) A look into developer intentions for app compatibility in android. In: 2019 IEEE/ACM 6th international conference on mobile software engineering and systems, MOBILESoft. IEEE, pp 40–44

Zhou J, Walker R J (2016) API Deprecation: a retrospective analysis and detection method for code examples on the web. In: Proceedings of the 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM, FSE, pp 266-277, https://doi.org/10.1145/2950290.2950298

Zhou X, Lee Y, Zhang N, Naveed M, Wang X (2014) The peril of fragmentation: Security hazards in Android device driver customizations. In: Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, SP, pp 409–423, https://doi.org/10.1109/SP.2014.33

Titel: API compatibility issues in Android: Causes and effectiveness of data-driven detection techniques
verfasst von: Simone Scalabrino
Gabriele Bavota
Mario Linares-Vásquez
Valentina Piantadosi
Michele Lanza
Rocco Oliveto
Publikationsdatum: 07.10.2020
Verlag: Springer US
Erschienen in: Empirical Software Engineering / Ausgabe 6/2020
Print ISSN: 1382-3256
Elektronische ISSN: 1573-7616
DOI: https://doi.org/10.1007/s10664-020-09877-w

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 6/2020

A feature location approach for mapping application features extracted from crowd-based screencasts to source code

Correction to: On the feasibility of automated prediction of bug and non-bug issues

Testing machine learning based systems: a systematic mapping

Security analysis of permission re-delegation vulnerabilities in Android apps

Correction to: Software engineering whispers: The effect of textual vs. graphical software design descriptions on software design communication

Publish or perish, but do not forget your software artifacts

Premium Partner