Abstract
Android fragmentation is a well-known issue referring to the adoption of different versions in the multitude of devices supporting such an operating system. Each Android version features a set of APIs provided to developers. These APIs are subject to changes and may cause compatibility issues. To support app developers, approaches have been proposed to automatically identify API compatibility issues. CiD, the state-of-the-art approach, is a data-driven solution learning how to detect those issues by analyzing the change history of Android APIs (“API side” learning). In this paper (extension of our MSR 2019 paper), we present an alternative data-driven approach, named ACRyL. ACRyL learns from changes implemented in apps in response to API changes (“client side” learning). When comparing these two solutions on 668 apps, for a total of 11,863 snapshots, we found that there is no clear winner, since the two techniques are highly complementary, and none of them provides a comprehensive support in detecting API compatibility issues: ACRyL achieves a precision of 7.0% (28.0%, when considering only the severe warnings), while CiD achieves a precision of 18.4%. This calls for more research in this field, and led us to run a second empirical study in which we manually analyze 500 pull-requests likely related to the fixing of compatibility issues, documenting the root cause behind the fixed issue. The most common causes are related to changes in the Android APIs (\(\sim \) 87%), while about 13% of the issues are related to external causes, such as build and distribution, dependencies, and the app itself. The provided empirical knowledge can inform the building of better tools for the detection of API compatibility issues.
Similar content being viewed by others
Notes
A third attribute, android:maxSdkVersion, does also exist, but the Android documentation recommends to not declare it, since by default it is set to the latest available API version.
We used CiD instead of IctApiFinder since it is publicly available.
We identified Android APIs by checking the package the class implementing the API comes from. The list of packages we consider as part of the Android APIs is available in our replication package.
References
Amann S, Nadi S, Nguyen HA, Nguyen TN, Mezini M (2016) MUBench: A benchmark for API-misuse detectors. In: Proceedings of the 13th IEEE/ACM Working Conference on Mining Software Repositories, MSR. https://doi.org/10.1109/MSR.2016.055, pp 464–467
Amann S, Nguyen HA, Nadi S, Nguyen TN, Mezini M (2018) A systematic evaluation of static API-misuse detectors. IEEE Transactions on Software Engineering, https://doi.org/10.1109/TSE.2018.2827384
Backes M, Bugiel S, Derr E, McDaniel P, Octeau D, Weisgerber S (2016) On demystifying the android application framework: Re-visiting android permission specification analysis. In: 25th {USENIX} security symposium ({USENIX} security 16), pp 1101–1118
Bartel A, Klein J, Le Traon Y, Monperrus M (2012) Automatically securing permission-based software by reducing the attack surface: An application to android. In: 2012 Proceedings of the 27th IEEE/ACM international conference on automated software engineering. IEEE, pp 274–277
Bavota G, Linares-Vásquez M, Bernal-Cárdenas CE, Penta MD, Oliveto R, Poshyvanyk D (2015) The impact of API change- and fault-proneness on the user ratings of Android apps. IEEE Trans Softw Eng 41(4):384–407. https://doi.org/10.1109/TSE.2014.2367027
Brito G, Hora A, Valente MT, Robbes R (2016) Do developers deprecate APIs with replacement messages? A large-scale analysis on java systems. In: Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering, SANER. https://doi.org/10.1109/SANER.2016.99, vol 1, pp 360–369
Choudhary SR, Gorla A, Orso A (2015) Automated test input generation for Android: Are we there yet?. In: Proceedings of the 30th IEEE/ACM international conference on automated software engineering, IEEE Computer Society, ASE, pp 429–440, https://doi.org/10.1109/ASE.2015.89
Dilhara M, Cai H, Jenkins J (2018) Automated detection and repair of incompatible uses of runtime permissions in android apps. In: Proceedings of the 5th International Conference on Mobile Software Engineering and Systems. ACM, pp 67–71
Fazzini M, Orso A (2017) Automated cross-platform inconsistency detection for mobile apps. In: Proceedings of the 32Nd IEEE/ACM international conference on automated software engineering. IEEE Press, pp 308–318
Han D, Zhang C, Fan X, Hindle A, Wong K, Stroulia E (2012) Understanding android fragmentation with topic analysis of vendor-specific bugs. In: Proceedings of the 19th working conference on reverse engineering. WCRE, pp 83–92 https://doi.org/10.1109/WCRE.2012.18
He D, Li L, Wang L, Zheng H, Li G, Xue J (2018) Understanding and detecting evolution-induced compatibility issues in Android apps. In: Proceedings of the 33rd ACM/IEEE international conference on automated software engineering. ACM, ASE, pp 167–177, https://doi.org/10.1145/3238147.3238185
Joorabchi ME, Mesbah A, Kruchten P (2013) Real challenges in mobile app development. In: Proceedings of the ACM/IEEE International symposium on empirical software engineering and measurement. ESEM, pp 15–24 https://doi.org/10.1109/ESEM.2013.9
Li L, Bissyandé TF, Le Traon Y, Klein J (2016) Accessing inaccessible Android APIs: An empirical study. In: Proceedings of the IEEE international conference on software maintenance and evolution. ICSME, pp 411–422 https://doi.org/10.1109/ICSME.2016.35
Li L, Bissyandé TF, Wang H, Klein J (2018a) CiD: Automating the detection of API-related compatibility issues in Android apps. In: Proceedings of the 27th ACM SIGSOFT international symposium on software testing and analysis. ISSTA, pp 153–163
Li L, Gao J, Bissyandé TF, Ma L, Xia X, Klein J (2018b) Characterising deprecated Android APIs. In: Proceedings of the 15th international conference on mining software repositories. MSR, pp 254–264
Linares-Vásquez M, Bavota G, Bernal-Cárdenas C, Di Penta M, Oliveto R, Poshyvanyk D (2013) API change and fault proneness: A threat to the success of Android apps. In: Proceedings of the 9th Joint meeting on foundations of software engineering. ACM, ESEC/FSE, pp 477–487, https://doi.org/10.1145/2491411.2491428
Linares-Vásquez M, Bavota G, Di Penta M, Oliveto R, Poshyvanyk D (2014) How do API changes trigger stack overflow discussions? a study on the Android SDK. In: Proceedings of the 22nd International Conference on Program Comprehension. ACM, ICPC, pp 83–94, https://doi.org/10.1145/2597008.2597155
Linares-Vásquez M, Moran K, Poshyvanyk D (2017) Continuous, evolutionary and large-scale: A new perspective for automated mobile app testing. In: Proceedings of the IEEE International Conference on Software Maintenance and Evolution. ICSME, pp 399–410 https://doi.org/10.1109/ICSME.2017.27
Luo T, Wu J, Yang M, Zhao S, Wu Y, Wang Y (2018) MAD-API: Detection, Correction and explanation of API misuses in distributed android applications. In: Proceedings of the 7th International conference on artificial intelligence and mobile services. Springer International Publishing, pp 123–140
McDonnell T, Ray B, Kim M (2013 ) An empirical study of API stability and adoption in the Android ecosystem. In: Proceedings of the IEEE international conference on software maintenance. https://doi.org/10.1109/ICSM.2013.18. IEEE Computer Society, ICSM, pp 70–79
Mutchler P, Safaei Y, Doupé A, Mitchell J (2016) Target fragmentation in Android apps. In: Proceedings of the IEEE Security and Privacy Workshops, SPW, pp 204–213, https://doi.org/10.1109/SPW.2016.31
Robbes R, Lungu M, Röthlisberger D (2012) How do developers react to API deprecation?: The case of a Smalltalk ecosystem. In: Proceedings of the 20th ACM SIGSOFT International Symposium on the Foundations of Software Engineering. ACM, FSE, pp 56:1–56:11 https://doi.org/10.1145/2393596.2393662
Sawant AA, Robbes R, Bacchelli A (2016) On the reaction to deprecation of 25,357 clients of 4 + 1 popular java APIs. In: Proceedings of the IEEE International Conference on Software Maintenance and Evolution, ICSME, pp 400–410 https://doi.org/10.1109/ICSME.2016.64
Scalabrino S, Bavota G, Linares-Vásquez M, Lanza M, Oliveto R (2019) Data-driven solutions to detect API compatibility issues in android: an empirical study. In: Proceedings of the 16th International Conference on Mining Software Repositories, MSR 2019, 26–27 May 2019, Montreal, Canada pp 288–298
Scalabrino S, Bavota G, Linares-Vásquez M, Piantadosi V, Lanza M, Oliveto R (2020) Replication package. https://dibt.unimol.it/report/acryl-emse/
Spencer D (2009) Card sorting: Designing usable categories. Rosenfeld Media
Wei L, Liu Y, Cheung SC (2016) Taming Android fragmentation: Characterizing and detecting compatibility issues for Android apps. In: Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ASE, pp 226–237
Wu D, Liu X, Xu J, Lo D, Gao D (2017) Measuring the declared SDK versions and their consistency with API calls in Android apps. In: Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications. Springer International Publishing, pp 678–690
Zhang Z, Cai H (2019) A look into developer intentions for app compatibility in android. In: 2019 IEEE/ACM 6th international conference on mobile software engineering and systems, MOBILESoft. IEEE, pp 40–44
Zhou J, Walker R J (2016) API Deprecation: a retrospective analysis and detection method for code examples on the web. In: Proceedings of the 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM, FSE, pp 266-277, https://doi.org/10.1145/2950290.2950298
Zhou X, Lee Y, Zhang N, Naveed M, Wang X (2014) The peril of fragmentation: Security hazards in Android device driver customizations. In: Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, SP, pp 409–423, https://doi.org/10.1109/SP.2014.33
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by: Yasutaka Kamei and Andy Zaidman
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Scalabrino and Oliveto gratefully acknowledge the financial support of the Italian Ministry of Education and Research for the PON-ARS01 00860 project on “Ambient-intelligent Tele-monitoring and Telemetry for Incepting and Catering over hUman Sustainability -ATTICUS”.
Bavota gratefully acknowledges the financial support of the Swiss National Science Foundation for the CCQR project (SNF Project No. 175513).
Lanza gratefully acknowledges the financial support of the Swiss National Science Foundation for the SNF-NRP 75 project on “Exploratory Visual Analytics for Interaction Graphs”.
This article belongs to the Topical Collection: Mining Software Repositories (MSR)
Rights and permissions
About this article
Cite this article
Scalabrino, S., Bavota, G., Linares-Vásquez, M. et al. API compatibility issues in Android: Causes and effectiveness of data-driven detection techniques. Empir Software Eng 25, 5006–5046 (2020). https://doi.org/10.1007/s10664-020-09877-w
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10664-020-09877-w