Third-party libraries in mobile apps

When, how, and why developers update them

Abstract

When developing new software, third-party libraries are commonly used to reduce implementation efforts. However, even these libraries undergo evolution activities to offer new functionalities and fix bugs or security issues. The research community has mainly investigated third-party libraries in the context of desktop applications, while little is known regarding the mobile context. In this paper, we bridge this gap by investigating when, how, and why mobile developers update third-party libraries. By mining 2752 mobile apps, we study (i) whether mobile developers update third-party libraries, (ii) how much such apps lag behind the latest version of their dependencies, (iii) which categories of libraries are more prone to be updated, and (iv) what common patterns developers follow when updating a library. Then, we perform a survey with 73 mobile developers that aims at shedding light on the reasons why they update (or not) third-party libraries. We find that mobile developers rarely update libraries, and when they do, they mainly tend to update libraries related to the Graphical User Interface. Avoiding bug propagation and making the app compatible with new Android releases are the top reasons why developers update their libraries.

Notes

  1. In this paper we refer to version change to indicate every type of change performed by developers of a mobile app in the usage of a third-party library, i.e., a version change can be an upgrade toward a newer version of a library or downgrade toward a lower one.

  2. https://f-droid.org

  3. https://www.optimizely.com/statistics/

  4. https://www.google.us/intl/en/forms/about/

  5. https://neo4j.com

  6. https://github.com/owncloud/android/pull/1070

Acknowledgments

The authors would like to thank the Associate Editor and anonymous reviewers for the constructive feedback that has been instrumental in improving the quality of our work. Fabio Palomba gratefully acknowledges the support of the Swiss National Science Foundation through the SNF Project No. PP00P2_170529. Dario Di Nucci is partially supported by the Excellence of Science Project SECO-Assist (O015718F, FWO-Vlaanderen and F.R.S.-FNRS).

Author information

Corresponding author

Correspondence to Pasquale Salza.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Communicated by: Chanchal Roy, Janet Siegmund, and David Lo

About this article

Cite this article

Salza, P., Palomba, F., Di Nucci, D. et al. Third-party libraries in mobile apps. Empir Software Eng 25, 2341–2377 (2020). https://doi.org/10.1007/s10664-019-09754-1

Keywords

  • Third-party libraries
  • API usage
  • Empirical study
  • Mining software repository