Advertisement

CDA: Characterising Deprecated Android APIs

  • Li LiEmail author
  • Jun Gao
  • Tegawendé F. Bissyandé
  • Lei Ma
  • Xin Xia
  • Jacques Klein
Article
  • 50 Downloads
Part of the following topical collections:
  1. Mining Software Repositories (MSR)

Abstract

Because of functionality evolution, or security and performance-related changes, some APIs eventually become unnecessary in a software system and thus need to be cleaned to ensure proper maintainability. Those APIs are typically marked first as deprecated APIs and, as recommended, follow through a deprecated-replace-remove cycle, giving an opportunity to client application developers to smoothly adapt their code in next updates. Such a mechanism is adopted in the Android framework development where thousands of reusable APIs are made available to Android app developers. In this work, we present a research-based prototype tool called CDA and apply it to different revisions (i.e., releases or tags) of the Android framework code for characterising deprecated APIs. Based on the data mined by CDA, we then perform an empirical study on API deprecation in the Android ecosystem and the associated challenges for maintaining quality apps. In particular, we investigate the prevalence of deprecated APIs, their annotations and documentation, their removal and consequences, their replacement messages, developer reactions to API deprecation, as well as the evolution of the usage of deprecated APIs. Experimental results reveal several findings that further provide promising insights related to deprecated Android APIs. Notably, by mining the source code of the Android framework base, we have identified three bugs related to deprecated APIs. These bugs have been quickly assigned and positively appreciated by the framework maintainers, who claim that these issues will be updated in future releases.

Keywords

Android Deprecated APIs CDA 

Notes

Acknowledgements

The authors would like to thank the anonymous reviewers who have provided insightful and constructive comments to the conference version of this extension. This work was supported by the Australian Research Council (ARC), under projects DE200100016 and DP200100020, and by the Oceania Cyber Security Centre (OCSC), under the 2019 ICFP scheme.

References

  1. Allix K, Bissyandé TF, Klein J, Le Traon Y (2016) Androzoo: Collecting millions of android apps for the research community. In: 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR), IEEE, pp 468–471Google Scholar
  2. Bagherzadeh M, Kahani N, Bezemer C-P, Hassan AE, Dingel J, Cordy JR (2017) Analyzing a decade of linux system calls. Empir Softw Eng, pp 1–33Google Scholar
  3. Bavota G, Linares-Vasquez M, Bernal-Cardenas CE, Di Penta M, Oliveto R, Poshyvanyk D (2015) The impact of api change-and fault-proneness on the user ratings of android apps. IEEE Trans Softw Eng 41(4):384–407CrossRefGoogle Scholar
  4. Bogart C, Kästner C, Herbsleb J, Thung F (2016) How to break an api: cost negotiation and community values in three software ecosystems. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 109–120Google Scholar
  5. Brito A, Xavier L (2018a) Andre hora, and marco tulio valente. Why and how java developers break apis. arXiv:1801.05198
  6. Brito G, Hora A, Valente MT, Robbes R (2016) Do developers deprecate apis with replacement messages? a large-scale analysis on java systems. In: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), vol 1. IEEE, pp 360–369Google Scholar
  7. Brito G, Hora A, Valente MT, Robbes R (2018b) On the use of replacement messages in api deprecation: an empirical study. J Syst Softw 137:306–321CrossRefGoogle Scholar
  8. Chow K, Notkin D (1996) Semi-automatic update of applications in response to library changes. In: Icsm, vol 96. p 359Google Scholar
  9. Coelho R, Almeida L, Gousios G, van Deursen A (2015) Unveiling exception handling bug hazards in android based on github and google code issues. In: 2015 IEEE/ACM 12th Working Conference on Mining Software Repositories (MSR), IEEE, pp 134–145Google Scholar
  10. Cossette BE, Walker RJ (2012) Seeking the ground truth: a retroactive study on the evolution and migration of software libraries. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, ACM, p 55Google Scholar
  11. Dagenais B, Robillard MP (2011) Recommending adaptive changes for framework evolution. ACM Transactions on Software Engineering and Methodology (TOSEM) 20 (4):19CrossRefGoogle Scholar
  12. Derr E, Bugiel S, Fahl S, Acar Y, Backes M (2017) Keep me updated: an empirical study of third-party library updatability on android. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM, pp 2187–2200Google Scholar
  13. Dig D, Johnson R (2005) The role of refactorings in api evolution. In: 2005. ICSM’05. Proceedings of the 21st IEEE International Conference on Software Maintenance, IEEE, pp 389–398Google Scholar
  14. Dig D, Johnson R (2006) How do apis evolve? a story of refactoring. Journal of software maintenance and evolution: Research and Practice 18(2):83–107CrossRefGoogle Scholar
  15. Dig D, Manzoor K, Johnson R, Nguyen TN (2007) Refactoring-aware configuration management for object-oriented programs. In: Proceedings of the 29th International Conference on Software Engineering, IEEE Computer Society, pp 427–436Google Scholar
  16. Dig D, Negara S, Johnson R, Mohindra V (2008) Reba: refactoringaware binary adaptation of evolving libraries. In: ICSE’08: Proceedings of the 30th International Conference on Software Engineering. CiteseerGoogle Scholar
  17. Espinha T, Zaidman A, Gross H-G (2014) Web api growing pains: Stories from client developers and their code. In: 2014 Software Evolution week-IEEE Conference on Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), IEEE, pp 84–93Google Scholar
  18. Gao J, Li L, Kong P, Bissyandé TF, Klein J (2018) On vulnerability evolution in android apps. In: The 40th International Conference on Software Engineering, Poster Track (ICSE 2018)Google Scholar
  19. Gao J, Kong P, Li L, Bissyandé TF, Klein J (2019) Negative results on mining crypto-api usage rules in android apps. In: The 16th International Conference on Mining Software Repositories (MSR 2019)Google Scholar
  20. Hecht G, Benomar O, Rouvoy R, Moha N, Duchien L (2015) Tracking the software quality of android applications along their evolution (t). In: 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 236–247Google Scholar
  21. Henkel J, Diwan A (2005) Catchup! capturing and replaying refactorings to support api evolution. In: 2005. ICSE 2005. Proceedings. 27th International Conference on Software Engineering, IEEE, pp 274–283Google Scholar
  22. Hora A, Robbes R, Anquetil N, Etien A, Ducasse S, Valente MT (2015) How do developers react to api evolution? the pharo ecosystem case. In: 2015 IEEE International Conference on Software Maintenance and Evolution (ICSME), IEEE, pp 251–260Google Scholar
  23. Hora A, Valente MT, Robbes R, Anquetil N (2016) When should internal interfaces be promoted to public?. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 278–289Google Scholar
  24. Hou D, Yao X (2011) Exploring the intent behind api evolution A case study. In: 2011 18th Working Conference on Reverse engineering (WCRE), IEEE, pp 131–140Google Scholar
  25. Kapur P, Cossette B, Walker RJ (2010) Refactoring references for library migration, vol 45. ACMGoogle Scholar
  26. Ko D, Ma K, Park S, Kim S, Kim D, Le Traon Y (2014) Api document quality for resolving deprecated apis. In: 2014 21st Asia-pacific Software Engineering Conference (APSEC), vol 2. IEEE, pp 27–30Google Scholar
  27. Li L, Bartel A, Bissyandé TF, Klein J, Le Traon Y, Arzt S, Rasthofer S, Bodden E, Octeau D, Patrick M (2015) IccTA detecting inter-component privacy leaks in android Apps. In: Proceedings of the 37th International Conference on Software Engineering (ICSE 2015)Google Scholar
  28. Li L, Bissyandé TF, Klein J, Le Traon Y (2016a) An investigation into the use of common libraries in android apps. In: The 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016)Google Scholar
  29. Li L, Bissyandé TF, Klein J, Le Traon Y (2016b) Parameter values of android APIs A preliminary study on 100,000 Apps. Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016)Google Scholar
  30. Li L, Bissyandé TF, Le Traon Y, Klein J (2016c) Accessing inaccessible android apis: an empirical study. In: The 32nd International Conference on Software Maintenance and Evolution (ICSME 2016)Google Scholar
  31. Li L, Gao J, Hurier M, Kong P, Bissyandé TF, Bartel A, Klein J, Le Traon Y (2017a) Androzoo++: Collecting millions of android apps and their metadata for the research community. arXiv:1709.05281
  32. Li L, Li D, Bissyandé TF, Klein J, Le Traon Y, Lo D, Cavallaro L (2017b) Understanding android app piggybacking. A systematic study of malicious code grafting. IEEE Transactions on Information Forensics & Security (TIFS)Google Scholar
  33. Li L, Bissyandé TF, Wang H, Klein J (2018a) Cid: Automating the detection of api-related compatibility issues in android apps. In: The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2018)Google Scholar
  34. Li L, Gao J, Bissyandé TF, Ma L, Xia X, Klein J (2018b) Characterising deprecated android apis. In: The 15th International Conference on Mining Software Repositories (MSR 2018)Google Scholar
  35. Linares-Vásquez M, Bavota G, Di Penta M, Oliveto R, Poshyvanyk D (2014) How do api changes trigger stack overflow discussions? a study on the android sdk. In: proceedings of the 22nd International Conference on Program Comprehension, ACM, pp 83–94Google Scholar
  36. McDonnell T, Ray B, Kim M (2013) An empirical study of api stability and adoption in the android ecosystem. In: 2013 29th IEEE International Conference on Software Maintenance (ICSM), IEEE, pp 70–79Google Scholar
  37. Meng S, Wang X, Zhang L, Mei H (2012) A history-based matching approach to identification of framework evolution. In: 2012 34th International Conference on Software Engineering (ICSE), IEEE, pp 353–363Google Scholar
  38. Monperrus M, Eichberg M, Tekes E, Mezini M (2012) What should developers be aware of? an empirical study on the directives of api documentation. Empir Softw Eng 17(6):703–737CrossRefGoogle Scholar
  39. Nita M, Notkin D (2010) Using twinning to adapt programs to alternative apis. In: 2010 ACM/IEEE 32nd International Conference on Software Engineering, vol 1. IEEE, pp 205–214Google Scholar
  40. Palomba F, Linares-Vásquez M, Bavota G, Oliveto R, Di Penta M, Poshyvanyk D, De Lucia A (2018) Crowdsourcing user reviews to support the evolution of mobile apps. J Syst Softw 137:143–162CrossRefGoogle Scholar
  41. Perkins JH (2005) Automatically generating refactorings to support api evolution. In: ACM SIGSOFT Software Engineering Notes, vol 31. ACM, pp 111–114Google Scholar
  42. Raemaekers S, van Deursen A, Visser J (2014) Semantic versioning versus breaking changes: A study of the maven repository. In: Proceedings of the 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation, IEEE Computer Society, pp 215–224Google Scholar
  43. Robbes R, Lungu M, Röthlisberger D (2012) How do developers react to api deprecation?: the case of a smalltalk ecosystem. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, ACM, p 56Google Scholar
  44. Sawant AA, Robbes R, Bacchelli A (2016) On the reaction to deprecation of 25,357 clients of 4 + 1 popular java apis. In: 2016 IEEE International Conference on Software Maintenance and Evolution (ICSME), IEEE, pp 400–410Google Scholar
  45. Sawant AA, Aniche M, van Deursen A, Bacchelli A (2018a) Understanding developers’ needs on deprecation as a language feature. In: 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE), IEEE, pp 561–571Google Scholar
  46. Sawant AA, Huang G, Vilen G, Stojkovski S, Bacchelli A (2018b) Why are features deprecated? an investigation into the motivation behind deprecation. In: 2018 IEEE International conference on software maintenance and evolution (ICSME), IEEE, pp 13–24Google Scholar
  47. Sawant AA, Robbes R, Bacchelli A (2018c) On the reaction to deprecation of clients of 4 + 1 popular java apis and the jdk. Empir Softw Eng 23(4):2158–2197CrossRefGoogle Scholar
  48. Štrobl R, Troníček Z (2013) Migration from deprecated api in java. In: Proceedings of the 2013 Companion Publication for Conference on Systems, Programming, & Applications: Software for Humanity, ACM, pp 85–86Google Scholar
  49. Wang H, Guo Y, Ma Z, Chen X (2015) Wukong: A scalable and accurate two-phase approach to android app clone detection. In: Proceedings of the 2015 International Symposium on Software Testing and Analysis, ACM, pp 71–82Google Scholar
  50. Wang H, Liu Z, Liang J, Vallina-Rodriguez N, Guo Y, Li L, Tapiador J, Cao J, Xu G (2018) Beyond google play: a large-scale comparative study of chinese android app markets. In: The 2018 Internet Measurement Conference (IMC 2018)Google Scholar
  51. Wu W, Guéhéneuc Y-G, Antoniol G, Kim M (2010) Aura: a hybrid approach to identify framework evolution. In: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering-Volume 1, ACM, pp 325–334Google Scholar
  52. Xing Z, Stroulia E (2007) Api-evolution support with diff-catchup. IEEE Trans Softw Eng 33(12):818–836CrossRefGoogle Scholar
  53. Yang X, Lo D, Li L, Xia X, Bissyandé TF, Klein J (2017) Characterizing malicious android apps by mining topic-specific data flow signatures. Information and Software TechnologyGoogle Scholar
  54. Zhou J, Walker RJ (2016) Api deprecation: a retrospective analysis and detection method for code examples on the web. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 266–277Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Authors and Affiliations

  1. 1.Faculty of Information TechnologyMonash UniversityClaytonAustralia
  2. 2.Interdisciplinary Centre for Security, Reliability and TrustUniversity of LuxembourgEsch-sur-AlzetteLuxembourg
  3. 3.Faculty of Information Science and Electrical EngineeringKyushu UniversityFukuokaJapan

Personalised recommendations