Measuring the declared SDK versions and their consistency with API calls in android apps

Android has been the most popular smartphone system, with multiple platform versions (e.g., KITKAT and Lollipop) active in the market. To manage the application’s compatibility with one or more platform versions, Android allows apps to declare the supported platform SDK versions in their manifest fi...

Full description

Saved in:
Bibliographic Details
Main Authors: WU, Daoyuan, LIU, Ximing, XU, Jiayun, LO, David, GAO, Debin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2017
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/3802
https://ink.library.smu.edu.sg/context/sis_research/article/4804/viewcontent/101007_2F978_3_319_60033_8_58.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-4804
record_format dspace
spelling sg-smu-ink.sis_research-48042018-03-02T03:55:00Z Measuring the declared SDK versions and their consistency with API calls in android apps WU, Daoyuan LIU, Ximing XU, Jiayun LO, David GAO, Debin Android has been the most popular smartphone system, with multiple platform versions (e.g., KITKAT and Lollipop) active in the market. To manage the application’s compatibility with one or more platform versions, Android allows apps to declare the supported platform SDK versions in their manifest files. In this paper, we make a first effort to study this modern software mechanism. Our objective is to measure the current practice of the declared SDK versions (which we term as DSDK versions afterwards) in real apps, and the consistency between the DSDK versions and their app API calls. To this end, we perform a three-dimensional analysis. First, we parse Android documents to obtain a mapping between each API and their corresponding platform versions. We then analyze the DSDK-API consistency for over 24K apps, among which we pre-exclude 1.3K apps that provide different app binaries for different Android versions through Google Play analysis. Besides shedding light on the current DSDK practice, our study quantitatively measures the two side effects of inappropriate DSDK versions: (i) around 1.8K apps have API calls that do not exist in some declared SDK versions, which causes runtime crash bugs on those platform versions; (ii) over 400 apps, due to claiming the outdated targeted DSDK versions, are potentially exploitable by remote code execution. These results indicate the importance and difficulty of declaring correct DSDK, and our work can help developers fulfill this goal. 2017-06-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3802 info:doi/10.1007/978-3-319-60033-8_58 https://ink.library.smu.edu.sg/context/sis_research/article/4804/viewcontent/101007_2F978_3_319_60033_8_58.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Android app security Android bug detection OS and Networks Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Android app security
Android bug detection
OS and Networks
Software Engineering
spellingShingle Android app security
Android bug detection
OS and Networks
Software Engineering
WU, Daoyuan
LIU, Ximing
XU, Jiayun
LO, David
GAO, Debin
Measuring the declared SDK versions and their consistency with API calls in android apps
description Android has been the most popular smartphone system, with multiple platform versions (e.g., KITKAT and Lollipop) active in the market. To manage the application’s compatibility with one or more platform versions, Android allows apps to declare the supported platform SDK versions in their manifest files. In this paper, we make a first effort to study this modern software mechanism. Our objective is to measure the current practice of the declared SDK versions (which we term as DSDK versions afterwards) in real apps, and the consistency between the DSDK versions and their app API calls. To this end, we perform a three-dimensional analysis. First, we parse Android documents to obtain a mapping between each API and their corresponding platform versions. We then analyze the DSDK-API consistency for over 24K apps, among which we pre-exclude 1.3K apps that provide different app binaries for different Android versions through Google Play analysis. Besides shedding light on the current DSDK practice, our study quantitatively measures the two side effects of inappropriate DSDK versions: (i) around 1.8K apps have API calls that do not exist in some declared SDK versions, which causes runtime crash bugs on those platform versions; (ii) over 400 apps, due to claiming the outdated targeted DSDK versions, are potentially exploitable by remote code execution. These results indicate the importance and difficulty of declaring correct DSDK, and our work can help developers fulfill this goal.
format text
author WU, Daoyuan
LIU, Ximing
XU, Jiayun
LO, David
GAO, Debin
author_facet WU, Daoyuan
LIU, Ximing
XU, Jiayun
LO, David
GAO, Debin
author_sort WU, Daoyuan
title Measuring the declared SDK versions and their consistency with API calls in android apps
title_short Measuring the declared SDK versions and their consistency with API calls in android apps
title_full Measuring the declared SDK versions and their consistency with API calls in android apps
title_fullStr Measuring the declared SDK versions and their consistency with API calls in android apps
title_full_unstemmed Measuring the declared SDK versions and their consistency with API calls in android apps
title_sort measuring the declared sdk versions and their consistency with api calls in android apps
publisher Institutional Knowledge at Singapore Management University
publishDate 2017
url https://ink.library.smu.edu.sg/sis_research/3802
https://ink.library.smu.edu.sg/context/sis_research/article/4804/viewcontent/101007_2F978_3_319_60033_8_58.pdf
_version_ 1770573764222779392