Parameter Values of Android APIs: A Preliminary Study on 100,000 Apps

Li, Li; Bissyandé, Tegawendé F.; Klein, Jacques; Traon, Yves Le

doi:10.1109/saner.2016.51

Cited by 15 publications

(7 citation statements)

References 12 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…With the evolution of APIs, some of them may no longer fit with the new requirements of the SDK, e.g., because of security or performance reasons [20]. SDK maintainers thus need to remove such APIs so as to prevent their usage in client apps.…”

Section: Deprecated Apismentioning

confidence: 99%

Characterising deprecated Android APIs

Gao

Bissyandé

et al. 2018

Proceedings of the 15th International Conference on Mining Software Repositories

Self Cite

View full text Add to dashboard Cite

Because of functionality evolution, or security and performancerelated changes, some APIs eventually become unnecessary in a software system and thus need to be cleaned to ensure proper maintainability. Those APIs are typically marked first as deprecated APIs and, as recommended, follow through a deprecated-replaceremove cycle, giving an opportunity to client application developers to smoothly adapt their code in next updates. Such a mechanism is adopted in the Android framework development where thousands of reusable APIs are made available to Android app developers. In this work, we present a research-based prototype tool called CDA and apply it to different revisions (i.e., releases or tags) of the Android framework code for characterising deprecated APIs. Based on the data mined by CDA, we then perform an exploratory study on API deprecation in the Android ecosystem and the associated challenges for maintaining quality apps. In particular, we investigate the prevalence of deprecated APIs, their annotations and documentation, their removal and consequences, their replacement messages, as well as developer reactions to API deprecation. Experimental results reveal several findings that further provide promising insights for future research directions related to deprecated Android APIs. Notably, by mining the source code of the Android framework base, we have identified three bugs related to deprecated APIs. These bugs have been quickly assigned and positively appreciated by the framework maintainers, who claim that these issues will be updated in future releases.

show abstract

Section: Deprecated Apismentioning

confidence: 99%

Characterising deprecated Android APIs

Gao

Bissyandé

et al. 2018

Proceedings of the 15th International Conference on Mining Software Repositories

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, instead of focusing on usage obstacles, they investigated the usage pattern of energygreedy APIs, attempting to answer the question whether the anomalous energy consumption is unavoidable or is due to sub-optimal usage or choice of APIs. Li et al [44] empirically investigated the parameter values of Android APIs. Their experimental results have shown that actually parameter values, harvested from a large scale of apps, could be leveraged to recommend practice usage of APIs.…”

Section: Related Workmentioning

confidence: 99%

Accessing Inaccessible Android APIs: An Empirical Study

Bissyandé

Traon

et al. 2016

2016 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

Abstract-As Android becomes a de-facto choice of development platform for mobile apps, developers extensively leverage its accompanying Software Development Kit to quickly build their apps. This SDK comes with a set of APIs which developers may find limited in comparison to what system apps can do or what framework developers are preparing to harness capabilities of new generation devices. Thus, developers may attempt to explore in advance the normally "inaccessible" APIs for building unique API-based functionality in their app.The Android programming model is unique in its kind. Inaccessible APIs, which however are used by developers, constitute yet another specificity of Android development, and is worth investigating to understand what they are, how they evolve over time, and who uses them. To that end, in this work, we empirically investigate 17 important releases of the Android framework source code base, and we find that inaccessible APIs are commonly implemented in the Android framework, which are further neither forward nor backward compatible. Moreover, a small set of inaccessible APIs can eventually become publicly accessible, while most of them are removed during the evolution, resulting in risks for such apps that have leveraged inaccessible APIs. Finally, we show that inaccessible APIs are indeed accessed by third-party apps, and the official Google Play store has tolerated the proliferation of apps leveraging inaccessible API methods.

show abstract

“…These studies tackled the negative effects of a library and host app running without isolation with the same privileges. Li et al indicated that piggybacked apps with a library containing malicious code can mislead security analysis [24]. Bhoraskar et al also mentioned that a host app as a whole can become vulnerable if there are bugs in the library [9].…”

Section: Library Analysismentioning

confidence: 99%

Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library

Watanabe

Akiyama²,

Kanei³

et al. 2020

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.

show abstract

Parameter Values of Android APIs: A Preliminary Study on 100,000 Apps

Cited by 15 publications

References 12 publications

Characterising deprecated Android APIs

Characterising deprecated Android APIs

Accessing Inaccessible Android APIs: An Empirical Study

Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library

Contact Info

Product

Resources

About