Skip to main content
Log in

API compatibility issues in Android: Causes and effectiveness of data-driven detection techniques

  • Published:
Empirical Software Engineering Aims and scope Submit manuscript

Abstract

Android fragmentation is a well-known issue referring to the adoption of different versions in the multitude of devices supporting such an operating system. Each Android version features a set of APIs provided to developers. These APIs are subject to changes and may cause compatibility issues. To support app developers, approaches have been proposed to automatically identify API compatibility issues. CiD, the state-of-the-art approach, is a data-driven solution learning how to detect those issues by analyzing the change history of Android APIs (“API side” learning). In this paper (extension of our MSR 2019 paper), we present an alternative data-driven approach, named ACRyL. ACRyL learns from changes implemented in apps in response to API changes (“client side” learning). When comparing these two solutions on 668 apps, for a total of 11,863 snapshots, we found that there is no clear winner, since the two techniques are highly complementary, and none of them provides a comprehensive support in detecting API compatibility issues: ACRyL achieves a precision of 7.0% (28.0%, when considering only the severe warnings), while CiD achieves a precision of 18.4%. This calls for more research in this field, and led us to run a second empirical study in which we manually analyze 500 pull-requests likely related to the fixing of compatibility issues, documenting the root cause behind the fixed issue. The most common causes are related to changes in the Android APIs (\(\sim \) 87%), while about 13% of the issues are related to external causes, such as build and distribution, dependencies, and the app itself. The provided empirical knowledge can inform the building of better tools for the detection of API compatibility issues.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Notes

  1. https://github.com/libgdx/libgdx/issues/5059

  2. A third attribute, android:maxSdkVersion, does also exist, but the Android documentation recommends to not declare it, since by default it is set to the latest available API version.

  3. https://developer.android.com/guide/topics/manifest/uses-sdk-element

  4. https://developer.android.com/reference/android/os/Build.VERSION_CODES

  5. https://developer.android.com/topic/libraries/support-library

  6. We used CiD instead of IctApiFinder since it is publicly available.

  7. http://code.google.com/p/dex2jar

  8. http://wala.sourceforge.net/

  9. We identified Android APIs by checking the package the class implementing the API comes from. The list of packages we consider as part of the Android APIs is available in our replication package.

  10. https://www.f-droid.org/

  11. https://github.com/andresth/Kandroid/commit/0b0d04

  12. https://github.com/gsantner/dandelion/commit/af0070

  13. https://github.com/no-go/RickApp/commit/05efde

  14. https://developer.android.com/preview

  15. https://github.com/ankidroid/Anki-Android/pull/4897

  16. https://developer.android.com/about/versions/marshmallow/android-6.0-changes

  17. https://developer.android.com/about/versions/nougat/android-7.0-changes

  18. https://github.com/SilenceIM/Silence/pull/45

  19. https://developer.android.com/about/versions/android-5.1

  20. https://github.com/andOTP/andOTP/pull/160

  21. https://github.com/tuskyapp/Tusky/pull/731

  22. https://github.com/lordi/tickmate/pull/76

  23. https://github.com/xargsgrep/PortKnocker/pull/15

  24. https://github.com/mozilla-mobile/focus-android/pull/3053

  25. https://developer.android.com/about/versions/marshmallow/android-6.0-changes

  26. https://developer.android.com/about/versions/oreo/android-8.0-changes

  27. https://github.com/sandsmark/QuasselDroid/pull/286

  28. https://github.com/openhab/openhab-android/pull/592

  29. https://developer.android.com/about/versions/pie/android-9.0-changes-28

  30. https://github.com/wallabag/android-app/pull/794

  31. https://github.com/wallabag/android-app/pull/311

  32. https://developer.android.com/about/versions/marshmallow/android-6.0-changes

  33. https://github.com/syncthing/syncthing-android/pull/918

References

  • Amann S, Nadi S, Nguyen HA, Nguyen TN, Mezini M (2016) MUBench: A benchmark for API-misuse detectors. In: Proceedings of the 13th IEEE/ACM Working Conference on Mining Software Repositories, MSR. https://doi.org/10.1109/MSR.2016.055, pp 464–467

  • Amann S, Nguyen HA, Nadi S, Nguyen TN, Mezini M (2018) A systematic evaluation of static API-misuse detectors. IEEE Transactions on Software Engineering, https://doi.org/10.1109/TSE.2018.2827384

  • Backes M, Bugiel S, Derr E, McDaniel P, Octeau D, Weisgerber S (2016) On demystifying the android application framework: Re-visiting android permission specification analysis. In: 25th {USENIX} security symposium ({USENIX} security 16), pp 1101–1118

  • Bartel A, Klein J, Le Traon Y, Monperrus M (2012) Automatically securing permission-based software by reducing the attack surface: An application to android. In: 2012 Proceedings of the 27th IEEE/ACM international conference on automated software engineering. IEEE, pp 274–277

  • Bavota G, Linares-Vásquez M, Bernal-Cárdenas CE, Penta MD, Oliveto R, Poshyvanyk D (2015) The impact of API change- and fault-proneness on the user ratings of Android apps. IEEE Trans Softw Eng 41(4):384–407. https://doi.org/10.1109/TSE.2014.2367027

    Article  Google Scholar 

  • Brito G, Hora A, Valente MT, Robbes R (2016) Do developers deprecate APIs with replacement messages? A large-scale analysis on java systems. In: Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering, SANER. https://doi.org/10.1109/SANER.2016.99, vol 1, pp 360–369

  • Choudhary SR, Gorla A, Orso A (2015) Automated test input generation for Android: Are we there yet?. In: Proceedings of the 30th IEEE/ACM international conference on automated software engineering, IEEE Computer Society, ASE, pp 429–440, https://doi.org/10.1109/ASE.2015.89

  • Dilhara M, Cai H, Jenkins J (2018) Automated detection and repair of incompatible uses of runtime permissions in android apps. In: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems. ACM, pp 67–71

  • Fazzini M, Orso A (2017) Automated cross-platform inconsistency detection for mobile apps. In: Proceedings of the 32Nd IEEE/ACM international conference on automated software engineering. IEEE Press, pp 308–318

  • Han D, Zhang C, Fan X, Hindle A, Wong K, Stroulia E (2012) Understanding android fragmentation with topic analysis of vendor-specific bugs. In: Proceedings of the 19th working conference on reverse engineering. WCRE, pp 83–92 https://doi.org/10.1109/WCRE.2012.18

  • He D, Li L, Wang L, Zheng H, Li G, Xue J (2018) Understanding and detecting evolution-induced compatibility issues in Android apps. In: Proceedings of the 33rd ACM/IEEE international conference on automated software engineering. ACM, ASE, pp 167–177, https://doi.org/10.1145/3238147.3238185

  • Joorabchi ME, Mesbah A, Kruchten P (2013) Real challenges in mobile app development. In: Proceedings of the ACM/IEEE International symposium on empirical software engineering and measurement. ESEM, pp 15–24 https://doi.org/10.1109/ESEM.2013.9

  • Li L, Bissyandé TF, Le Traon Y, Klein J (2016) Accessing inaccessible Android APIs: An empirical study. In: Proceedings of the IEEE international conference on software maintenance and evolution. ICSME, pp 411–422 https://doi.org/10.1109/ICSME.2016.35

  • Li L, Bissyandé TF, Wang H, Klein J (2018a) CiD: Automating the detection of API-related compatibility issues in Android apps. In: Proceedings of the 27th ACM SIGSOFT international symposium on software testing and analysis. ISSTA, pp 153–163

  • Li L, Gao J, Bissyandé TF, Ma L, Xia X, Klein J (2018b) Characterising deprecated Android APIs. In: Proceedings of the 15th international conference on mining software repositories. MSR, pp 254–264

  • Linares-Vásquez M, Bavota G, Bernal-Cárdenas C, Di Penta M, Oliveto R, Poshyvanyk D (2013) API change and fault proneness: A threat to the success of Android apps. In: Proceedings of the 9th Joint meeting on foundations of software engineering. ACM, ESEC/FSE, pp 477–487, https://doi.org/10.1145/2491411.2491428

  • Linares-Vásquez M, Bavota G, Di Penta M, Oliveto R, Poshyvanyk D (2014) How do API changes trigger stack overflow discussions? a study on the Android SDK. In: Proceedings of the 22nd International Conference on Program Comprehension. ACM, ICPC, pp 83–94, https://doi.org/10.1145/2597008.2597155

  • Linares-Vásquez M, Moran K, Poshyvanyk D (2017) Continuous, evolutionary and large-scale: A new perspective for automated mobile app testing. In: Proceedings of the IEEE International Conference on Software Maintenance and Evolution. ICSME, pp 399–410 https://doi.org/10.1109/ICSME.2017.27

  • Luo T, Wu J, Yang M, Zhao S, Wu Y, Wang Y (2018) MAD-API: Detection, Correction and explanation of API misuses in distributed android applications. In: Proceedings of the 7th International conference on artificial intelligence and mobile services. Springer International Publishing, pp 123–140

  • McDonnell T, Ray B, Kim M (2013 ) An empirical study of API stability and adoption in the Android ecosystem. In: Proceedings of the IEEE international conference on software maintenance. https://doi.org/10.1109/ICSM.2013.18. IEEE Computer Society, ICSM, pp 70–79

  • Mutchler P, Safaei Y, Doupé A, Mitchell J (2016) Target fragmentation in Android apps. In: Proceedings of the IEEE Security and Privacy Workshops, SPW, pp 204–213, https://doi.org/10.1109/SPW.2016.31

  • Robbes R, Lungu M, Röthlisberger D (2012) How do developers react to API deprecation?: The case of a Smalltalk ecosystem. In: Proceedings of the 20th ACM SIGSOFT International Symposium on the Foundations of Software Engineering. ACM, FSE, pp 56:1–56:11 https://doi.org/10.1145/2393596.2393662

  • Sawant AA, Robbes R, Bacchelli A (2016) On the reaction to deprecation of 25,357 clients of 4 + 1 popular java APIs. In: Proceedings of the IEEE International Conference on Software Maintenance and Evolution, ICSME, pp 400–410 https://doi.org/10.1109/ICSME.2016.64

  • Scalabrino S, Bavota G, Linares-Vásquez M, Lanza M, Oliveto R (2019) Data-driven solutions to detect API compatibility issues in android: an empirical study. In: Proceedings of the 16th International Conference on Mining Software Repositories, MSR 2019, 26–27 May 2019, Montreal, Canada pp 288–298

  • Scalabrino S, Bavota G, Linares-Vásquez M, Piantadosi V, Lanza M, Oliveto R (2020) Replication package. https://dibt.unimol.it/report/acryl-emse/

  • Spencer D (2009) Card sorting: Designing usable categories. Rosenfeld Media

  • Wei L, Liu Y, Cheung SC (2016) Taming Android fragmentation: Characterizing and detecting compatibility issues for Android apps. In: Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ASE, pp 226–237

  • Wu D, Liu X, Xu J, Lo D, Gao D (2017) Measuring the declared SDK versions and their consistency with API calls in Android apps. In: Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications. Springer International Publishing, pp 678–690

  • Zhang Z, Cai H (2019) A look into developer intentions for app compatibility in android. In: 2019 IEEE/ACM 6th international conference on mobile software engineering and systems, MOBILESoft. IEEE, pp 40–44

  • Zhou J, Walker R J (2016) API Deprecation: a retrospective analysis and detection method for code examples on the web. In: Proceedings of the 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM, FSE, pp 266-277, https://doi.org/10.1145/2950290.2950298

  • Zhou X, Lee Y, Zhang N, Naveed M, Wang X (2014) The peril of fragmentation: Security hazards in Android device driver customizations. In: Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, SP, pp 409–423, https://doi.org/10.1109/SP.2014.33

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Simone Scalabrino.

Additional information

Communicated by: Yasutaka Kamei and Andy Zaidman

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Scalabrino and Oliveto gratefully acknowledge the financial support of the Italian Ministry of Education and Research for the PON-ARS01 00860 project on “Ambient-intelligent Tele-monitoring and Telemetry for Incepting and Catering over hUman Sustainability -ATTICUS”.

Bavota gratefully acknowledges the financial support of the Swiss National Science Foundation for the CCQR project (SNF Project No. 175513).

Lanza gratefully acknowledges the financial support of the Swiss National Science Foundation for the SNF-NRP 75 project on “Exploratory Visual Analytics for Interaction Graphs”.

This article belongs to the Topical Collection: Mining Software Repositories (MSR)

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Scalabrino, S., Bavota, G., Linares-Vásquez, M. et al. API compatibility issues in Android: Causes and effectiveness of data-driven detection techniques. Empir Software Eng 25, 5006–5046 (2020). https://doi.org/10.1007/s10664-020-09877-w

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10664-020-09877-w

Keywords

Navigation