Abstract
When developing new software, third-party libraries are commonly used to reduce implementation efforts. However, even these libraries undergo evolution activities to offer new functionalities and fix bugs or security issues. The research community has mainly investigated third-party libraries in the context of desktop applications, while only little is known regarding the mobile context. In this paper, we bridge this gap by investigating when, how, and why mobile developers update third-party libraries. By mining 2752 mobile apps, we study (i) whether mobile developers update third-party libraries, (ii) how much such apps lag behind the latest version of their dependencies, (iii) which are the categories of libraries that are more prone to be updated, and (iv) what are the common patterns followed by developers when updating a library. Then, we perform a survey with 73 mobile developers that aims at shedding lights on the reasons why they update (or not) third-party libraries. We find that mobile developers rarely update libraries, and when they do, they mainly tend to update libraries related to the Graphical User Interface. Avoiding bug propagation and making the app compatible with new Android releases are the top reasons why developers update their libraries.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
In this paper we refer to version change to indicate every type of change performed by developers of a mobile app in the usage of a third-party library, i.e., a version change can be an upgrade toward a newer version of a library or downgrade toward a lower one.
References
Antoine JY, Villaneau J, Lefeuvre A (2014) Weighted Krippendorff’s alpha is a more reliable metrics for multi-coders ordinal annotations: experimental studies on emotion, opinion and coreference annotation. In: European chapter of the association for computational linguistics (EACL), pp 550–559
Azad SA (2015) Empirical studies of android API usage: suggesting related API calls and detecting license violations. PhD thesis, Concordia University
Backes M, Bugiel S, Derr E (2016) Reliable third-party library detection in android and its security applications. In: ACM Conference on computer and communications security (CCS), pp 356–367
Bauer V, Heinemann L, Deissenboeck F (2012) A structured approach to assess third-party library usage. In: IEEE international conference on software maintenance (ICSM), pp 483–492
Bavota G, Linares-Vasquez M, Bernal-Cardenas CE, Di Penta M, Oliveto R, Poshyvanyk D (2015) The impact of API change- and fault-proneness on the user ratings of android Apps. IEEE Trans Softw Eng 41(4):384–407
Black S (2001) Computing ripple effect for software maintenance. J Softw Maintenance 13(4):263–279
Borges HS, Valente MT (2015) Mining usage patterns for the android API. PeerJ Comput Sci 1:e12
Catolino G (2018) Does source code quality reflect the ratings of Apps? In: IEEE/ACM International conference on mobile software engineering and systems (MOBILESoft), pp 43–44
Chen N, Lin J, Hoi SC, Xiao X, Zhang B (2014) AR-miner: mining informative reviews for developers from mobile App marketplace. In: IEEE/ACM International conference on software engineering (ICSE), pp 767–778
Chow K, Notkin D (1996) Semi-automatic update of applications in response to library changes. In: International conference on software maintenance (ICSM), pp 359–368
Coelho J, Valente MT (2017) Why modern open source projects fail. In: ACM Joint European software engineering conference and symposium on the foundations of software engineering (ESEC/FSE), pp 186–196
Decan A, Mens T, Constantinou E (2018) On the evolution of technical lag in the npm package dependency network. In: IEEE International conference on software maintenance and evolution (ICSME), pp 404–414
Dering ML, McDaniel P (2014) Android market reconstruction and analysis. In: IEEE Military communications conference (MILCOM), pp 300–305
Derr E, Bugiel S, Fahl S, Acar Y, Backes M (2017) Keep me updated: an empirical study of third-party library updatability on android. In: ACM SIGSAC conference on computer and communications security (CCS), pp 2187–2200
Dig D, Johnson R (2006) How do APIs evolve? A story of refactoring. J Softw Maint Evol Res Pract 18(2):83–107
Fu B, Lin J, Li L, Faloutsos C, Hong J, Sadeh N (2013) Why people hate your App: making sense of user feedback in a mobile App store. In: ACM SIGKDD conference on knowledge discovery and data mining (KDD), pp 1276–1284
Geiger FX, Malavolta I, Pascarella L, Palomba F, Di Nucci D, Bacchelli A (2018) A graph-based dataset of commit history of real-world android Apps. In: IEEE Working conference on mining software repositories (MSR), pp 30–33
Given LM (2008) The sage encyclopedia of qualitative research methods. Sage Publications
Grandcolas U, Rettie R, Marusenko K (2003) Web survey bias: sample or mode effect? J Mark Manag 19(5–6):541–561
Grano G, Ciurumelea A, Panichella S, Palomba F, Gall HC (2018) Exploring the integration of user feedback in automated testing of android applications. In: IEEE International conference on software analysis, evolution and reengineering (SANER)
Gwet KL (2014) Handbook of inter-rater reliability: the definitive guide to measuring the extent of agreement among raters. Advanced Analytics
Haney FM (1972) Module connection analysis: a tool for scheduling software debugging activities. In: Fall joint computer conference, pp 173–179
Hou D, Yao X (2011) Exploring the intent behind Api evolution: a case study. In: Working conference on reverse engineering (WCRE), pp 131–140
Joorabchi ME, Mesbah A, Kruchten P (2013) Real challenges in mobile App development. In: ACM/IEEE International symposium on empirical software engineering and measurement (ESEM), pp 15–24
Khalid H, Shihab E, Nagappan M, Hassan AE (2015) What do mobile App users complain about? IEEE Softw 32(3):70–77
Khandkar SH (2009) Open coding. Tech. rep., University of Calgary
Khondhu J, Capiluppi A, Stol KJ (2013) Is it all lost? A study of inactive open source projects. In: IFIP international conference on open source systems, pp 61–79
Kirubakaran B, Karthikeyani V (2013) Mobile application testing: challenges and solution approach through automation. In: International conference on pattern recognition, informatics and mobile engineering (PRIME), pp 79–84
Krippendorff K (2004) Content analysis: an introduction to its methodology, 2nd edn. Sage Publications
Krippendorff K (2011) Computing Krippendorff’s alpha-reliability. Tech. rep., University of Pennsylvania
Kruchten P, Nord RL, Ozkaya I (2012) Technical debt: from metaphor to theory and practice. IEEE Softw 29(6):18–21
Krutz DE, Mirakhorli M, Malachowsky SA, Ruiz A, Peterson J, Filipski A, Smith J (2015) A dataset of open-source android applications. In: IEEE working conference on mining software repositories (MSR), pp 522–525
Kula RG, German DM, Ouni A, Ishio T, Inoue K (2017) Do developers update their library dependencies? Empir Softw Eng, 1–34
Lämmel R, Pek E, Starek J (2011) Large-scale, AST-based API-usage analysis of open-source java projects. In: ACM/SIGAPP symposium on applied computing (SAC), pp 1317–1324
Lehman MM, Belady LA (eds) (1985) Program Evolution: Processes of Software Change. Academic Press Professional, Cambridge
Linares-Vásquez M (2014) Supporting evolution and maintenance of android Apps. In: Doctoral symposium of IEEE/ACM international conference on software engineering (ICSE), pp 714–717
Linares-Vásquez M, Bavota G, Bernal-Cárdenas C, Di Penta M, Oliveto R, Poshyvanyk D (2013) API change and fault proneness: a threat to the success of android Apps. In: ACM Joint European software engineering conference and symposium on the foundations of software engineering (ESEC/FSE), pp 477–487
Linares-Vásquez M, Holtzhauer A, Bernal-Cárdenas C, Poshyvanyk D (2014) Revisiting android reuse studies in the context of code obfuscation and library usages. In: IEEE Working conference on mining software repositories (MSR), pp 242–251
Martin W, Sarro F, Jia Y, Zhang Y, Harman M (2017) A survey of App store analysis for software engineering. IEEE Trans Softw Eng 43(9):817–847
Mileva YM, Dallmeier V, Burger M, Zeller A (2009) Mining trends of library usage. In: International workshop on principles of software evolution and annual workshop on software evolution (IWPSE/EVOL), pp 57–62
Minelli R, Lanza M (2013a) SAMOA: a visual software analytics platform for mobile applications. In: IEEE International conference on software maintenance (ICSM), pp 476–479
Minelli R, Lanza M (2013b) Software analytics for mobile applications: insights & lessons learned. In: European conference on software maintenance and reengineering (CSMR), pp 144–153
Mojica Ruiz IJ, Nagappan M, Adams B, Hassan AE (2012) Understanding reuse in the android market. In: IEEE International conference on program comprehension (ICPC), pp 113–122
Mojica Ruiz IJ, Adams B, Nagappan M, Dienst S, Berger T, Hassan AE (2014) A large-scale empirical study on software reuse in mobile Apps. IEEE Softw 31(2):78–86
Mojica Ruiz IJ, Nagappan M, Adams B, Berger T, Dienst S, Hassan AE (2016) Analyzing Ad library updates in android Apps. IEEE Softw 33(2):74–80
Montandon JE, Borges H, Felix D, Valente MT (2013) Documenting APIs with examples: lessons learned with the APIMiner platform. In: Working conference on reverse engineering (WCRE), pp 401–408
Muccini H, Di Francesco A, Esposito P (2012) Software testing of mobile applications: challenges and future research directions. In: International workshop on automation of software test (AST), pp 29–35
Nickerson RS (1998) Confirmation bias: a ubiquitous phenomenon in many guises. Rev Gen Psychol 2(2):175–220
Pagano D, Maalej W (2013) User feedback in the Appstore: an empirical study. In: IEEE International requirements engineering conference (RE), pp 125–134
Palomba F, Bavota G, Di Penta M, Oliveto R, De Lucia A (2014) Do they really smell bad? A study on developers’ perception of bad code smells. In: IEEE International conference on software maintenance and evolution (ICSME), pp 101–110
Palomba F, Salza P, Ciurumelea A, Panichella S, Gall H, Ferrucci F, De Lucia A (2017) Recommending and localizing change requests for mobile Apps based on user reviews. In: IEEE/ACM International conference on software engineering (ICSE), pp 106–117
Palomba F, Linares-Vásquez M, Bavota G, Oliveto R, Di Penta M, Poshyvanyk D, De Lucia A (2018a) Crowdsourcing user reviews, to support the evolution of mobile Apps. J Syst Softw 137:143–162
Palomba F, Panichella A, Zaidman A, Oliveto R, De Lucia A (2018b) The scent of a smell: an extensive comparison between textual and structural smells. IEEE Trans Softw Eng 44:10
Palomba F, Di Nucci D, Panichella A, Zaidman A, De Lucia A (2019) On the impact of code smells on the energy consumption of mobile applications. Inf Softw Technol 105:43–55
Pascarella L, Geiger FX, Palomba F, Di Nucci D, Malavolta I, Bacchelli A (2018) Self-reported activities of android developers. In: IEEE/ACM International conference on mobile software engineering and systems (MOBILESoft), pp 144–155
Raemaekers S, van Deursen A, Visser J (2012) Measuring software library stability through historical version analysis. In: IEEE International conference on software maintenance (ICSM), pp 378–387
Robbes R, Lungu M, Röthlisberger D (2012) How do developers react to API deprecation? The case of a smalltalk ecosystem. In: ACM SIGSOFT international symposium on the foundations of software engineering (FSE), p 56
Salza P, Palomba F, Di Nucci D, D’Uva C, De Lucia A, Ferrucci F (2018) Do Developers update third-party libraries in mobile Apps? In: IEEE/ACM International conference on program comprehension (ICPC), pp 255–265
Salza P, Palomba F, Di Nucci D, De Lucia A, Ferrucci F (2019) Third-party libraries in mobile Apps: when, how, and why developers update them - appendix. https://doi.org/10.6084/m9.figshare.9366341
Scalabrino S, Bavota G, Russo B, Oliveto R, Di Penta M (2017) Listening to the crowd for the release planning of mobile Apps. IEEE Trans Softw Eng, 68–86
Seneviratne S, Kolamunna H, Seneviratne A (2015) A measurement study of tracking in paid mobile applications. In: ACM Conference on security & privacy in wireless and mobile networks (WiSec), p 7
Sommerville I (2006) Software engineering. Addison-Wesley
Strauss A, Corbin J (1998) Basics of qualitative research techniques. Sage Publications
Syer MD, Nagappan M, Hassan AE, Adams B (2013) Revisiting prior empirical findings for mobile Apps: an empirical case study on the 15 most popular open-source android Apps. In: Conference of the center for advanced studies on collaborative research (CASCON), pp 283–297
Tian Y, Nagappan M, Lo D, Hassan AE (2015) What are the characteristics of high-rated Apps? A case study on free android applications. In: IEEE International conference on software maintenance and evolution (ICSME), pp 301–310
Vassallo C, Panichella S, Palomba F, Proksch S, Zaidman A, Gall HC (2018) Context is King: the developer perspective on the usage of static analysis tools. In: IEEE International conference on software analysis, evolution and reengineering (SANER), pp 38–49
Viennot N, Garcia E, Nieh J (2014) A measurement study of Google Play. ACM SIGMETRICS Perform Evalu Rev 42:221–233
Yau SS, Collofello JS, MacGregor TM (1993) Ripple effect analysis of software maintenance. In: Shepperd M (ed) Software engineering metrics I: measures and validations, pp 71–82
Zerouali A, Constantinou E, Mens T, Robles G, González-Barahona J (2018) An empirical analysis of technical lag in Npm package dependencies. In: International conference on software reuse (ICSR), pp 95–110
Zerouali A, Mens T, González-Barahona J, Decan A, Constantinou E, Robles GA (2019) Formal framework for measuring technical lag in component repositories and its application to NPM. Journal of Software: Evolution and Process, e2157
Zhang J, Sagar S, Shihab E (2013) The evolution of mobile Apps: an exploratory study. In: International workshop on software development lifecycle for mobile (DeMobile), pp 1–8
Acknowledgments
The authors would like to thank the Associate Editor and anonymous reviewers for the constructive feedback that has been instrumental to improve the quality of our work. Fabio Palomba gratefully acknowledges the support of the Swiss National Science Foundation through the SNF Project No. PP00P2_170529. Dario Di Nucci is partially supported by the Excellence of Science Project SECO-Assist (O015718F, FWO-Vlaanderen and F.R.S.-FNRS).
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by: Chanchal Roy, Janet Siegmund, and David Lo
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Salza, P., Palomba, F., Di Nucci, D. et al. Third-party libraries in mobile apps. Empir Software Eng 25, 2341–2377 (2020). https://doi.org/10.1007/s10664-019-09754-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10664-019-09754-1