CiD: automating the detection of API-related compatibility issues in Android apps

Li, Li; Bissyandé, Tegawendé F.; Wang, Haoyu; Klein, Jacques

doi:10.1145/3213846.3213857

Cited by 116 publications

(51 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similar to our work, other works such as the one done by McDonnell et al [24] and the ones completed by Li et al [31], [32], [33] have also attempted to map API calls to their exact releases so as to resolve various API-related issues, e.g., study the stability and adoption of Android APIs [24]. Allix et al [4] have experimentally discussed the importance of considering history information (i.e., time) for ML-based malware detection of Android apps.…”

Section: Related Worksupporting

confidence: 89%

MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies

Bissyandé

Klein

2018

2018 IEEE 29th International Symposium on Software Reliability Engineering (ISSRE)

Self Cite

View full text Add to dashboard Cite

In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.

show abstract

Section: Related Worksupporting

confidence: 89%

MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies

Bissyandé

Klein

2018

2018 IEEE 29th International Symposium on Software Reliability Engineering (ISSRE)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Insight 7: Identifiers are the basic knowledge of code understanding, thus, more context information (e.g., method implementation should be considered to name method identifiers) should be considered to address fixing inconsistent identifiers. Changing identifiers, however, is not a trivial endeavor: it may break the backward compatibility of applications, and developers' understanding of code might be impacted by identifier changes [63]. This challenge may thus be a relevant and worthy target for APR research.…”

Section: B Rq2: Fault-prone Parts In Statementsmentioning

confidence: 99%

A Closer Look at Real-World Patches

Liu

Kim

Koyuncu

et al. 2018

2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

Bug fixing is a time-consuming and tedious task. To reduce the manual efforts in bug fixing, researchers have presented automated approaches to software repair. Unfortunately, recent studies have shown that the state-of-the-art techniques in automated repair tend to generate patches only for a small number of bugs even with quality issues (e.g., incorrect behavior and nonsensical changes). To improve automated program repair (APR) techniques, the community should deepen its knowledge on repair actions from real-world patches since most of the techniques rely on patches written by human developers. Previous investigations on real-world patches are limited to statement level that is not sufficiently fine-grained to build this knowledge. In this work, we contribute to building this knowledge via a systematic and fine-grained study of 16,450 bug fix commits from seven Java open-source projects. We find that there are opportunities for APR techniques to improve their effectiveness by looking at code elements that have not yet been investigated. We also discuss nine insights into tuning automated repair tools. For example, a small number of statement and expression types are recurrently impacted by real-world patches, and expression-level granularity could reduce search space of finding fix ingredients, where previous studies never explored.

show abstract

“…Despite most testing approaches are not made publicly available, it is nevertheless gratifying to observe that some of them have been leveraged in industry. For example, research tool TEMA has now been integrated into the RATA project 16 , where researchers (from Tampere University of 16. http://wiki.tut.fi/RATA/WebHome Technology) and practitioners (from Intel Finland, OptoFidelity, and VTT) work together to provide robot-assisted test automation for mobile apps.…”

Section: Research Output Usabilitymentioning

confidence: 99%

“…Second, Android fragmentation, in terms of the diversity of available OS versions and target devices (e.g., screen size varieties), is becoming acuter as now testing strategies have to take into account different execution contexts [16], [17].…”

mentioning

confidence: 99%

Automated Testing of Android Apps: A Systematic Literature Review

et al. 2019

Self Cite

View full text Add to dashboard Cite

Automated testing of Android apps is essential for app users, app developers and market maintainer communities alike. Given the widespread adoption of Android and the specificities of its development model, the literature has proposed various testing approaches for ensuring that not only functional requirements but also non-functional requirements are satisfied. In this paper, we aim at providing a clear overview of the state-of-the-art works around the topic of Android app testing, in an attempt to highlight the main trends, pinpoint the main methodologies applied and enumerate the challenges faced by the Android testing approaches as well as the directions where the community effort is still needed. To this end, we conduct a Systematic Literature Review (SLR) during which we eventually identified 103 relevant research papers published in leading conferences and journals until 2016. Our thorough examination of the relevant literature has led to several findings and highlighted the challenges that Android testing researchers should strive to address in the future. After that, we further propose a few concrete research directions where testing approaches are needed to solve recurrent issues in app updates, continuous increases of app sizes, as well as the Android ecosystem fragmentation. 1 INTRODUCTION Android smart devices have become pervasive after gaining tremendous popularity in recent years. As of July 2017, Google Play, the official app store, is distributing over 3 million Android applications (i.e., apps), covering over 30 categories ranging from entertainment and personalisation apps to education and financial apps. Such popularity among developer communities can be attributed to the accessible development environment based on familiar Java programming language as well as the availability of libraries implementing diverse functionalities [1]. The app distribution ecosystem around the official store and other alternative stores such as Anzhi and AppChina is further attractive for users to find apps and organisations to market their apps [2]. Unfortunately, the distribution ecosystem of Android is porous to poorly-tested apps [3]-[5]. Yet, as reported • ξ The corresponding author.

show abstract

CiD: automating the detection of API-related compatibility issues in Android apps

Cited by 116 publications

References 33 publications

MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies

MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies

A Closer Look at Real-World Patches

Automated Testing of Android Apps: A Systematic Literature Review

Contact Info

Product

Resources

About