Characterizing and Detecting Configuration Compatibility Issues in Android Apps

XML configuration files are widely used in Android to define an app's user interface and essential runtime information such as system permissions. As Android evolves, it might introduce functional changes in the configuration environment, thus causing compatibility issues that manifest as inconsistent app behaviors at different API levels. Such issues can often induce software crashes and inconsistent look-and-feel when running at specific Android versions. Existing works incur plenty of false positive and false negative issue-detection rules by conducting trivial data-flow analysis while failing to model the XML tree hierarchies of the Android configuration files. Besides, little is known about how the changes in an Android framework can induce such compatibility issues. To bridge such gaps, we conducted a systematic study by analyzing 196 real-world issues collected from 43 popular apps. We identified common patterns of Android framework code changes that induce such configuration compatibility issues. Based on the findings, we propose ConfDroid that can automatically extract rules for detecting configuration compatibility issues. The intuition is to perform symbolic execution based on a model learned from the common code change patterns. Experiment results show that ConfDroid can successfully extract 282 valid issue-detection rules with a precision of 91.9 can manifest issues that cannot be detected by the rules of state-of-the-art baselines. More importantly, 11 out of them have led to the detection of 107 reproducible configuration compatibility issues that the baselines cannot detect in 30 out of 316 real-world Android apps.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

03/17/2021

AndroidCompass: A Dataset of Android Compatibility Checks in Code Repositories

Many developers and organizations implement apps for Android, the most w...
01/29/2022

Aper: Evolution-Aware Runtime Permission Misuse Detection for Android Apps

The Android platform introduces the runtime permission model in version ...
02/19/2021

SEPAL: Towards a Large-scale Analysis of SEAndroid Policy Customization

To investigate the status quo of SEAndroid policy customization, we prop...
07/06/2021

OwlEyes-Online: A Fully Automated Platform for Detecting and Localizing UI Display Issues

Graphical User Interface (GUI) provides visual bridges between software ...
12/30/2019

Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls

Android has been the most popular smartphone system with multiple platfo...
12/14/2020

AndroEvolve: Automated Update for Android Deprecated-API Usages

Android operating system (OS) is often updated, where each new version m...
11/21/2019

FILO: FIx-LOcus Recommendation for Problems Caused by Android Framework Upgrade

Dealing with the evolution of operating systems is challenging for devel...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

I Introduction

The Android framework provides a flexible XML configuration environment, which is widely used by developers to control Android components’ behaviors or even the entire apps, such as defining User Interface (UI) structures of the apps’ layout and declaring the required system permissions, and so on.

Android continuously evolves to meet different market demands, resulting in successive releases of thirty different API levels since its launch [2]. Each API level introduces functional changes to the Android configurations to cater for revised requirements. Such functional changes can cause the same configuration element in an Android app to manifest inconsistent behaviors at different API levels. We refer to such inconsistencies as configuration compatibility issues, which can lead to poor user experience.

Fig. 1: A real-world example of configuration compatibility issues reported in BUG 1486200 of gecko-dev.

Figure 1 shows a real-world example of a configuration compatibility issue (i.e. BUG 1486200 [7]

) reported by an open-source Android browser engine project called gecko-dev 

[18], which has received 2.1K+ stars in GitHub [19]. Lines 3-8 specify a <selector> configuration element to create a color state list object. It has a child tag named <item> containing a set of attributes such as android:color in Line 6. The configuration element triggers a compatibility issue, where the app normally works at an API level 23 but throws ArrayIndexOutOfBoundsException at API level 21 and manifests inconsistent look-and-feel at API level 22. The issue was caused by the different implementations among API levels 21, 22, and 23 to process the attribute value of android:color from XML configuration files in the Android framework (see Section II-B for more details). In our empirical study, we observe that among the 196 real-world configuration compatibility issues in 43 popular Android apps, 89 (45.4%) of them can induce app crashes at certain API levels, while a further 88 (44.9%) can induce inconsistent look-and-feel across different API levels. This indicates that, in practice, configuration compatibility issues can induce severe problems in Android apps.

Nevertheless, uncovering configuration compatibility issues caused by such changes is non-trivial. Specifically, our investigation of 200 top-ranked Android apps found that each of them on average specifies 25,991.6 configuration elements spreading across 663.1 XML files. Typically, Android apps are designed to run on a range of API levels. It is expensive to design tests to check whether all these configuration elements and their attributes are handled as intended across these diverse API levels. As a result, configuration compatibility issues can easily be missed by app developers. Although the related official Android documentation, such as Android Developers [2] and Android API Differences Reports [12], records the information of configuration changes that can result in compatibility issues, such documentation can miss many configuration changes that manifest runtime inconsistencies. Even if the relevant changes are documented, the documentation can be overlooked by developers. Thus, an automatic tool to help detect configuration compatibility issues is helpful.

Existing techniques on detecting software misconfigurations [36, 51, 6, 50, 14, 9, 40, 37] and Android incompatibilities [17, 25, 45, 44, 47, 23, 29, 21, 28] are not effective in identifying such configuration compatibility issues and pinpointing the root cause. For example, the issue between API levels 22 and 23 in Figure 1 is triggered by using different API calls with different guarded conditions to load the value of android:color in the XML tag <item>. Accurate identification of the root cause requires path-sensitive analysis, which can be expensive. However, if we consider the existence of a compatibility issue whenever there are implementation differences on how the Android framework processes XML attributes, many issues identified are spurious as many code changes are irrelevant to compatibility issues. It is non-trivial to analyze code changes that can trigger configuration compatibility issues in the Android framework with the large codebase (i.e., 4M+ LOC at API level 30) and a huge number of code changes in history (i.e., 250 git development branches with changes from 566K+ commits until April 2021). So far, no prior works have studied the common patterns of code changes in the Android framework that induce configuration compatibility. To fill such gaps, we conducted an empirical study linking the root causes of real configuration compatibility issues in 43 popular open-source Android apps to the code changes in the Android framework. We found several common code change patterns that can induce configuration compatibility issues in the Android framework (Section III).

Based on the findings, we further propose ConfDroid, which is a static analyzer encoding the common code change patterns to automatically generate issue-detection rules. Specifically, ConfDroid performs an intra-class level symbolic execution based on the insight that common configuration compatibility issues are induced by the code changes within a single class that can process XML attributes in the Android framework. In this way, we can greatly reduce the cost of conducting path-sensitive analysis while ensuring comparable accuracy when identifying detection rules.

We implemented ConfDroid based on Soot [27] and ran it on the Android framework code among API levels 21-30 to extract rules for detecting configuration compatibility issues. The experimental results show that ConfDroid achieved a precision of 91.9% by successfully generating 282 valid detection rules, which can be reproducible when manifesting runtime inconsistencies in the Android emulators. Besides, ConfDroid can generate 65 validated rules that are missed by three state-of-the-art baseline methods. Furthermore, we evaluated the usefulness of ConfDroid for issue detection in the 316 real-world Android apps from F-Droid [16] and AppBrain [3]. Among 65 valid rules that are uniquely returned by ConfDroid, 11 of them have been enabled to generate 107 warnings that can be reproduced to manifest configuration compatibility issues in 30 apps. So far, 52 warnings have been confirmed, and 51 warnings have been fixed by the developers. We released the empirical and experiment datasets as well as the ConfDroid artifact in our project website [10].

To summarize, our work makes three major contributions.

  • An empirical research on open-source apps to help understand the common root causes and patterns of configuration compatibility issues.

  • A technique named ConfDroid that can generate rules to facilitate an automatic detection of configuration compatibility issues in Android apps.

  • An empirical evaluation showing that (1) ConfDroid outperforms existing approaches on generating new detection rules with high precision, and (2) rules extracted by ConfDroid can be successfully applied for detecting previously-unknown configuration compatibility issues.

Ii Background & Motivation

Fig. 2: Code snippets adapted from ColorStateList in the Android framework to process the attribute android:color among API level 21, 22 and 23.

Ii-a Processing XML Configuration Files in Android

XML configuration files are an indispensable part of Android projects. In general, there are two types of XML configuration files: (1) manifest files (AndroidManifest.xml) that provide the essential runtime information for Android apps, (2) resource XML files (located in the /res/ folder) that are commonly used to define an app’s user interfaces [49]. The Android framework provides a flexible configuration environment that can accept substantially different attributes (e.g., 1,435 different attributes at API level 30). As the Android framework evolves, compatibility issues arise from inconsistent handling of these attributes and their values among different API levels.

A popular Android app typically consists of a few hundred XML configuration files. Each is processed as the following steps by the Android framework.

Parsing. The Android framework uses XmlPullParser to parse all the XML tags in configuration files and return an AttributeSet or TypedArray object for each XML tag. In particular, AttributeSet and TypedArray are two classes defined in the Android framework to store each XML attribute value as a key-value pair. The framework provides APIs to trigger the parsing process and returns a newly created AttributeSet or TypedArray object, such as getXml() in Line 1 of Figure 2.

Loading. AttributeSet and TypedArray define APIs (e.g., AttributeSet#getAttributeIntValue() and TypedArray#getBoolean()) that take configuration attributes as parameters and return the corresponding attribute values in predefined formats. We refer to these APIs as configuration APIs. In the loading step, the attribute values in the AttributeSet and TypedArray objects are loaded to some program variables using the configuration APIs.

Usage. The variables are processed by the Android framework to represent the app’s runtime behavior.

Configuration compatibility issues can occur when there are inconsistent implementations in the above steps among the different Android API levels.

Ii-B Motivating Example

Fig. 3: Reproduction steps for the issue as shown in Figure 1.

It is generally difficult for developers to identify compatibility issues from many XML configuration files in their apps, especially for those issues that can only be triggered under specific conditions. Figure 3 shows a test case that can manifest the issue illustrated in Figure 1. To this end, developers should first let the app load a website containing a time picker as Figure 3(a) shows, and then choose the corresponding input field to open the problematic time picker as listed in Figure 1. It took the developers one month to detect and fix the above issue. The issue was caused by the inconsistent processing of android:color in the Android framework among API levels 21, 22, and 23. The different implementations of these API levels are shown in Figure 2. First, at API levels 21 and 22, the configuration API AttributeSet#getAttributeIntValue() in Line 7 is invoked to load android:color, whose value affects the array mSpec in Line 8. However, there is a defect in the Android framework at API level 21. It accesses an illegal index of the array mSpec in Line 12, causing the app to crash. At API level 22, we did not witness the crash as the Android framework has fixed the processing of android:color, as shown in Line 13. Second, the configuration API AttributeSet#getAttributeIntValue() fails to load the attribute values in the style format (i.e., Line 7 of Figure 2). As a result, the style format attribute value ?android:attr/textColorSecondary defined in android:color (Line 6 of Figure 1) is ignored, causing the inconsistent look-and-feel as Figures 3(b) and (c) show.

The above example shows how the code changes in the Android framework induce configuration compatibility issues. However, it is non-trivial to automatically identify such code changes. For example, at API level 22, the statement of loading the android:color attribute value (Line 7 of Figure 2) is guarded by a condition in Line 4 as shown in Figure 2. An accurate analysis of the loading behavior therefore requires path-sensitivity. However, since path-sensitive analysis is expensive, it cannot be scaled to the whole Android framework that contains a large amount of code (i.e., 4M+ LOC of API level 30) with long-term update history (i.e., 566K+ commit changes until April 2021). To provide insights for automatically identifying such code changes and facilitating issue detection, we conducted an empirical study (Section III) on real-world issues to understand the common patterns of code changes that can induce configuration compatibility issues.

Iii Empirical Study

To facilitate automated detection of configuration compatibility issues, we conducted an empirical study on the characteristics and symptoms of such issues in real-world Android apps. The study aims at answering the following two research questions:

  • RQ1 (Issue types and root causes): What are the common types and the corresponding root causes of configuration compatibility issues?

  • RQ2 (Issue symptoms): What are the common symptoms of configuration compatibility issues?

Iii-a Dataset Collection

We collected bug-related code revisions from well-maintained open-source Android apps as the empirical dataset. To this end, we searched for suitable subjects on F-Droid  [16], which is a famous repository containing high-quality open-source Android apps. Specifically, we selected subjects that meet the following criteria: (1) maintaining a public issue tracking system, (2) receiving more than 500 stars on GitHub [19] (popularity), and (3) pushing the latest git commit within the most recent three months (well-maintenance). We chose these three criteria because the configuration compatibility issues located in these selected subjects are likely to affect many users due to the popularity of the apps. As a result, 43 apps were returned.

In order to locate the configuration compatibility issues affecting the 43 selected apps, we used the following two types of keywords to search for related code revisions:

  • Keywords related to Android framework versions. In practice, developers often indicate the specific versions of the Android framework in which compatibility issues occur in the changelog. Specifically, we used two keywords, API (API level for short), and Android [i] where [i] stands for an integer, to search for Android system versions in changelogs. Besides, we also looked for code revisions that contain version-specific XML files, which are stored in the path that contains a version qualifier v[L], where [L] represents the minimum API level applicable to the files.

  • Keywords related to XML configuration files in Android apps. Specifically, we chose the following two keywords: resource, and AndroidManifest, so that they can effectively cover all types of XML configuration files supported in the Android framework.

In total, 2,376 unique code revisions were identified from the 43 apps after removing duplicates from the searching results.

Next, we conducted manual analysis on the 2,376 code revisions to refine configuration compatibility issues. Specifically, we collected the code revisions in three steps. First, we screened out the code revisions unrelated to valid configuration compatibility issues because some irrelevant code revisions (e.g., introducing new app features) can be accidentally returned by our keyword-based search. Second, we collected the incompatibility-inducing attributes and XML elements from the revision-related commit logs, bug reports, or code diffs. To answer RQ1, the code changes related to the incompatibility-inducing attributes and XML elements should also be identified in the update history of the Android framework to investigate how these changes can cause issues. Third, to answer RQ2, we referred to the information of code revisions and online discussions of similar issues for the consequences when developers did not handle problematic XML elements or attributes well. Eventually, we collected 196 configuration compatibility issues from code revisions as the empirical dataset.

Iii-B RQ1: Issue Root Causes

Root Causes Issue #
Type 1 Unavailable configuration APIs 116 (59.2%)
Type 2 Inconsistent configuration APIs 42 (21.4%)
Type 3 Inconsistent Android internal XML configuration files 19 (9.7%)
Type 4 Inconsistent attribute dependencies 9 (4.6%)
Type 5 Inconsistent attribute usages 9 (4.6%)
Type 6 Inconsistent attribute default values 1 (0.5%)
TABLE I: Common root causes of configuration compatibility issues

We elaborated on the six common types (or causes) identified from the 196 configuration compatibility issues as shown in Table LABEL:tab:issuecategorization.

Fig. 4: The Android framework code for loading the attribute value of android:gravity in the class LayerDrawable.

Unavailable configuration APIs. The Android framework loads attribute values by calling configuration APIs after parsing the XML tags in configuration files to AttributeSet or TypedArray objects. Some statements invoking configuration APIs are introduced or removed as the Android framework evolves, resulting in an inability to load the associated configuration attribute values in a certain range of API levels. In our empirical dataset, we found 116 (59.2%) issues that were induced by such a type of code changes. For example, the attribute value of android:gravity in Figure 4 is loaded by LayerDrawable to adjust the gravity for layer alignment starting from API level 23. A navigation app OsmAnd [33] filed an issue in commit 1bbf578 that the attribute value of android:gravity is not loaded when running at an API level below 23, causing the incorrect display of graphic user interfaces.

Inconsistent configuration APIs. Configuration APIs in the Android framework are designed to load attribute values in specific data formats. Compatibility issues can happen when the configuration APIs to load an attribute vary across API levels. The example in Figure 1 between API levels 22 and 23 falls into this types. Such an issue is caused by the style format attribute value of android:color not being loaded by the configuration API getAttributeIntValue() at API level 22. The loading of android:color in an unsupported format can result in app crashes at API level 22. There are in total 42 (21.4%) issues of this type.

Inconsistent Android internal XML configuration files. The Android framework provides a set of internal XML configuration files that can be referenced by the developers as a part of their apps. Compatibility issues can happen when there are changes in those internal XML configuration files as the Android framework evolves. For example, QKSMS [34] commit 6b70a47 describes an issue caused by the internal XML configuration file ic_menu_added.xml, which was introduced at API level 23. There are 19 (9.7%) issues falling into this issue type.

Fig. 5: Code changes of loading android:spinnersShown in the class DatePicker.

Inconsistent attribute dependencies.  In the Android framework, there are dependencies across configuration attributes. In other words, the runtime behaviors of one attribute depend on the value of other attributes. We found nine compatibility issues that were induced by the inconsistent implementations on attribute dependencies among API levels. For example, open-keychain [31] reported an issue in commit be06c4c. As Figure 5(a) shows, developers have specified the value of android:spinnersShown as true to make the date picker widget be displayed in the spinner mode. The attribute value cannot be loaded at API level 21 without specifying the value of android:datePickerMode as spinner, causing the date picker to be displayed in the calendar mode by default. In this case, the app crashed at API level 21 due to a specific implementation of the date picker in the calendar mode. The code changes in Figure 5(b) show that starting from API level 21, the configuration API for android:spinnersShown is guarded by the conditional statement that checks whether the value of android:datePickerMode is spinner.

Inconsistent attribute usages. Compatibility issues can happen when there are inconsistent implementations on how the Android framework uses the attribute values after being loaded by configuration APIs. As Figure 2 shows, there is a change in processing the value of android:color (in Line 12 and 13) between API levels 21 and 22. The change avoids the ArrayIndexOutOfBoundsException when the Android framework parses the XML element in Figure 1 at API level 22. In total, there are nine (4.6%) issues falling into this issue type.

Inconsistent attribute default values. There is one (0.5%) issue caused by inconsistent default values of the attribute android:useLevel in the XML tag <shape> between API levels 21 and 22, as reported in the commit a221442 of OsmAnd [33].

Iii-C RQ2: Issue Symptoms

We further analyzed the common issue symptoms as below. Specifically, 89 (45.4%) of the 196 issues in our empirical dataset can cause the apps to crash when triggering incompatibility-inducing XML configuration elements, as shown by the motivating example in Figure 2. Another 88 issues (44.9%) can induce an inconsistent look-and-feel across different API levels, affecting the apps’ functionalities. For example, the problem reported in the commit a221442 of OsmAnd [33] can force the progress bar to always show a full circle. The remaining 19 issues (9.7%) can cause inconsistent app behaviors beyond crashes and look-and-feel. For example, the app Slide [38] specified android:requestLegacyExternalStorage to make sure the app can still request for the external storage at an API level 29. This shows that configuration compatibility issues can cause severe consequences to the app developers.

Iv ConfDroid Approach

In this section, we illustrate ConfDroid, which extracts detection rules for configuration compatibility issues. ConfDroid is built based on a novel configuration constraint that models how the attribute values specified in the XML configuration files can be processed by configuration APIs in the Android framework. To overcome the limitations of existing static-based approaches (see Section II-B), ConfDroid performs symbolic execution, which follows the control flows that can affect the invocations of configuration APIs, to extract configuration constraints more precisely. Detection rules can be subsequently derived by comparing the differences of extracted configuration constraints among API levels.

Iv-a Android Configuration Constraint Model

Our empirical study found that the majority (158/196) of issues were induced by the inconsistent handling of configuration APIs (Type 1 and Type 2) for a single attribute among API levels. The inconsistencies can lead to failures in loading attributes with specific data format under certain XML tags at some API levels. Motivated by these findings, we formulate constraints that govern configuration APIs, called Android configuration constraints. Formally, an Android configuration constraint is defined as a tuple . Specifically, stands for the attribute to be loaded by the configuration API, is the XML tag where the attribute is located; and stands for the data format that can be assigned to . An Android configuration constraint is extracted when ConfDroid finds a program path in the Android framework that can invoke the configuration API to load the attribute with data format under the XML tag . Rules for issue detection can then be identified by comparing the differences in Android configuration constraints among API levels.

A constraint for a configuration API is extracted as follows. can be inferred from the parameter identifying the attribute to be loaded in the configuration API call; can be inferred from the return values of the configuration API call, such as XmlPullParser#getName() in the program path (e.g., Line 4 of Figure 2). can be inferred from the configuration API used to load since each configuration API can only load attribute values in a specific group of data formats. Note that one configuration API can generate multiple constraints if it can support loading attribute values in different data formats. For example, as the code snippets in Figure 2 show, by analyzing the program paths to the configuration APIs getAttributeIntValue() and getColor(), we can obtain the following constraints between API levels 22 and 23.
API level 22:

API level 23:



As the API descriptions in Android Developers [2] shows, comparing to getAttributeIntValue(), the configuration API getColor() can load integer attribute values in the style format, an additional Android configuration constraint for android:color (Equation 3) is extracted at API level 23.

Iv-B ConfDroid Overview

We propose ConfDroid to identify Android configuration constraints, which can be inferred from configuration API invocations in the Android framework to model the common issue patterns (Type 1 and Type 2). The identified constraints can be further refined into a set of compatibility detection rules based on the differences among the identified constraints across different API levels.

To identify Android configuration constraints, we prefer using static analysis to dynamic analysis. Using dynamic analysis for the purpose is expensive due to the large search space of possible test inputs. For example, a dynamic approach needs to generate an XML file as given in Figure 1 to reach the configuration API in Line 7 of Figure 2. The file generation involves searching for (1) the tree hierarchies of XML configuration elements (e.g., <item> is set as a child of <selector>), (2) the XML elements embedding the concerned attributes (e.g., android:color should only be set in <item>), and (3) other necessary configuration settings to avoid crash when parsing XML files (e.g., android:state_activated in Line 5). In contrast, static analysis enables us to compare the approximated behaviors of these APIs without actually generating valid test inputs.

However, the existing techniques [36, 6, 14, 9] analyze configuration APIs by conducting path-insensitive analysis, which can be somewhat inaccurate and miss incompatible configuration APIs without considering the if-conditions (e.g., Line 6 in Figure 2). Therefore, a path-sensitive analysis is necessary to obtain by solving path constraints triggering configuration APIs with the constraint solver. Symbolic execution is a powerful path-sensitive analysis technique. Yet, an exhaustive symbolic execution is expensive and cannot scale to the size of the Android framework. In addition, the path constraints triggering the configuration APIs can be complex as the Android framework codebase is mixed with components compiled to native code. To tackle the above challenges, ConfDroid performs backward symbolic execution from the call site of configuration APIs. This is based on a trimmed version of an inter-procedural control flow graph, which is built by pruning the statements that are not needed to infer the Android configuration constraints (Section IV-C). The trimmed-ICFGs are designed to not only address the scalability by reducing the number of program paths and complex conditions to be analyzed, but also preserve reasonable accuracy while conducting path-sensitive analysis. We illustrate the details of backward symbolic execution and trimmed-ICFGs in the following parts.

To summarize, ConfDroid works as follows.

  • ConfDroid builds a trimmed version of interprocedural control flow graphs (trimmed-ICFGs) for the Android framework code. We choose to build the trimmed-ICFGs for scalability (Section IV-C).

  • ConfDroid performs backward symbolic execution on the trimmed-ICFGs to extract Android configuration constraints (Section IV-D).

  • ConfDroid generates detection rules by comparing the differences of Android configuration constraints among different API levels (Section IV-E).

Iv-C Building Trimmed ICFG

ConfDroid performs analysis over a trimmed version of an inter-procedural control flow graph, which is denoted as , to ensure the scalability. Our idea to build such an is inspired by the observation that the code changes triggering compatibility issues in unavailable configuration APIs and inconsistent configuration APIs primarily reside in the class that invokes the configuration APIs to load the incompatibility-inducing attributes. Therefore, ConfDroid builds an for each class that invokes configuration APIs by combining the call graph and each method’s control flow graph within the class. The strategy limits the extraction of Android configuration constraints to intra-class analysis. However, such a strategy does not pose a significant impact on the process of configuration constraint extraction and detection rule generation (Section IV-F).

Iv-D Extracting Android Configuration Constraints

Input: : The trimmed-ICFG for the Android framework
Output: : Android configuration constraints
1 foreach   do
2       add to while  is not empty do
3             remove from foreach  with an edge in  do
4                   if  then
5                         add into
6                  
7            
8      foreach  of  do
9             add to
10      
return ACC
Algorithm 1 Extracting Android Configuration Constraints

Taking the generated trimmed-ICFGs  as inputs, ConfDroid extracts Android configuration constraints by analyzing program paths to the target statements that contain the invocation of configuration APIs (Algorithm 1). Specifically, it takes the following two steps to extract Android configuration constraints. First, starting from each target statement , ConfDroid performs backward symbolic execution from the trimmed-ICFG generated in Section IV-C to extract the path constraint (Line 3-9). Such a path constraint is a first-order logic formula that records (1) the conditions that should be satisfied to invoke the target statement, and (2) the configuration API invocation in the target statement (Line 3-9). Unlike forward symbolic execution, backward symbolic execution saves on testing efforts by only exploring relevant program statements to reach the target statements. Then, the path constraints will be further refined as a set of Android configuration constraints with the help of SMT solver Z3 [52] (Line 10-12).

Extracting path constraints. For each target statement with configuration API invocations, ConfDroid computes the path constraints by performing backward symbolic execution along . Specifically, the analysis will maintain the symbolic states and representing the precondition and postcondition of in . The symbolic states are computed iteratively along with the symbolic state transformer , as defined in Table II, from  to . After computing for a statement and , the algorithm merges the result with that is already presented before the statement (Line 7). In the presence of loops, we analyze them twice to ensure that the algorithm terminates and traverses the back edge of the loop at least once. The path constraint is obtained from of the statements that are the entry points of .

Taking the first code snippet in Figure 2 as an example, ConfDroid will analyze the target statement in Line 7, and compute its path constraint along the path (7,6,5,4,3) as follows:

  • in Line 7, ;

  • in Line 6, ;

  • in Line 3 (entry point), ;

[b] if (branch condition)

TABLE II: Specification of symbolic state transformer for Java statements.
  • The string APIs modelled by Z3 (e.g., String#equals()) are considered as instead of .

  • means replacing the symbolic variable in the symbolic state by .

Refining Android configuration constraints. ConfDroid further refines the path constraints as Android configuration constraints with the help of SMT solver Z3 [52] (Line 10-12). First, ConfDroid checks whether the target statements are reachable by the path constraints. To achieve this, ConfDroid substitutes API calls in the path constraints to symbolic variables according to the return types. ConfDroid will declare any variables whose data formats are not modeled in Z3 as integer variables and replace constants (e.g., null) in the path constraints as integers in queries of Z3. The target statement is reachable if its associated path constraint is decided to be satisfiable by Z3.

ConfDroid then calculates and from the path constraints . is calculated from the parameter identifying the attribute to be loaded in the API call (i.e., in Line 7 of Figure 2). is calculated as the return value of the API call XmlPullParser#getName(). Note that will be assigned as the class name where locates when the concrete value of cannot be identified, because the Android framework allows app developers using the class names as XML tags. ConfDroid then leverages Z3 to infer all the possible values of the above symbolic variables for and . We set the time budget as one minute to Z3 for each symbolic variable. ConfDroid discards the cases when (1) the value of symbolic variables for or are undecidable, or (2) ConfDroid cannot obtain all possible values of symbolic variables for or within the time budget. Such a strategy does not pose significant problems to the accuracy of Android configuration constraint extraction. Since those discarded cases only account for 1.8% (29/1534) when applied to API level 30 (Section IV-F).

Next, to infer the value of , we manually built a map between each configuration API and its supported data format based on its API descriptions. ConfDroid further uses the map of configuration APIs with their supported data formats to analyze for . Finally, ConfDroid extracts Android configuration constraints with all the possible combinations of , and .

Iv-E Generating Detection Rules

Detection rules are further inferred by comparing the differences in Android configuration constraints between the two adjacent API levels and () as follows.

  • ConfDroid reports a rule of attribute loading change if an attribute of the XML tag can be loaded at the API level only but not (or at only but not ). The rules falling into this type are induced by unavailable configuration APIs (Type 1 in Section III-B).

  • ConfDroid reports a rule of data format change if there are inconsistencies in the supported data formats for an attribute of the XML tag between and . The rules falling into this type are induced by inconsistent configuration APIs (Type 2 in Section III-B).

For example, by comparing the differences of Android configuration constraints as shown in Section IV-A, ConfDroid generates a rule of data format change as follows.

The above rule indicates that assigning the attribute value in the styled integer format to android:color under the XML tag <item> can trigger compatibility issues between API levels 22 and 23.

Iv-F Discussion

The accuracy of detection rules extracted by ConfDroid can be affected by the limitations of conducting backward symbolic execution to infer Android configuration constraints. First, ConfDroid performs an intra-class level backward symbolic execution, which can cause and in Android configuration constraints identified inaccurately. Second, ConfDroid discards cases where values of and cannot be inferred due to the inabilities of Z3. Therefore, false positive rules occur when an Android configuration constraint cannot find the equivalent one at other API levels due to the limitations of our analysis. Plus, false negative rules are incurred when ConfDroid fails to generate Android configuration constraints for the evolved attributes. However, ConfDroid only discards 1.9% (29/1534) of the configuration API call sites at API level 30, indicating the insignificant impact on the inference of Android configuration constraints due to the intra-class level symbolic execution and the inabilities of Z3. Although we cannot draw a whole picture of all the cases of Android configuration evolutions, we find that ConfDroid is only unable to generate Android configuration constraints for 21.0% (301/1435) attributes at API level 30. These constraints are accountable for the false negatives in the warnings reported by ConfDroid (Section V-A).

V Evaluation

We implemented ConfDroid based on Soot [27]. In our evaluation, we answer the following research questions:

  • RQ3 (Effectiveness of detection rule extraction): What is the effectiveness of ConfDroid on extracting detection rules compared with baseline methods?

  • RQ4 (Usefulness): Can rules that are uniquely extracted by ConfDroid be useful for detecting issues in real-world Android apps?

V-a RQ3: Effectiveness of Detection Rule Extraction

To answer RQ3, we ran ConfDroid on the Android framework code among API levels between 21 and 30 (inclusive). We evaluated its accuracy in extracting the detection rules of configuration compatibility issues. We compared the results with the following baseline methods.

  • Baseline I: Lint [24], the popular static analyzer officially released by Google. By modeling the API levels when attributes were introduced, Lint can detect configuration compatibility issues caused by an unavailable attribute at API level .

  • Baseline II: ORPLocator [14], the state-of-the-art technique for extracting attributes in a software system by conducting path-insensitive analysis on its configuration APIs. We ran ORPLocator at different API levels to extract detection rules for unavailable attribute at API level .

  • Baseline III: cDep [9], the state-of-the-art software misconfiguration tool which focuses on analyzing attribute dependencies in the software system. We ran cDep among API levels to generate detection rules for the unavailable dependencies between two attributes and at API level .

Note that we did not choose SCIC [6], the state-of-the-art tool for detecting misconfigurations caused by software evolution, as the baseline since its artifact is not available. Besides, ORPLocator (Baseline II) and cDep (Baseline III) are more recently published techniques. The original algorithms of ORPLocator and cDep comprise inter-class analyses. However, they cannot scale up to the Android framework and fail to extract any rules. As such, we slightly adapted ORPLocator and cDep to performing intra-class analyses in the construction of the two baselines.

Validating detection rules. We considered an issue-detection rule as valid if the XML configuration files that satisfy the triggering conditions specified by can induce configuration compatibility issues between two API levels. Specifically, for each issue-detection rule extracted by ConfDroid and other baselines, we used the attribute name, the XML tag, and the incompatibility-inducing API levels specified in as keywords to search for relevant discussions in Stack Overflow [39] and GitHub [19]. For those rules with no relevant discussions found, we manually crafted an Android app that includes XML configuration files satisfying the issue-triggering condition in to manifest inconsistent behaviors across API levels. Furthermore, the manifested inconsistent behaviors should disappear after removing the incompatibility-inducing attribute from the concerned XML configuration file. A rule is considered valid if we can find a relevant online discussion or successfully craft an app confirming the existence of configuration compatibility issues.

Method ConfDroid Lint ORPLocator cDep
Time 2h58m36s - 2m26s 3m25s
Validation Rate 91.9% (282/307) 100.0% (218/218) 85.6% (131/153) 12.7% (28/220)

TABLE III: Execution Time for Rule Extraction and Validation Rate of Extracted Rules. Rules in Lint are hardcoded.

Table III shows the execution time as well as the number of rules extracted by ConfDroid and baseline methods. The execution time of Lint is inapplicable as the detection rule is hardcoded. Although the execution time of ConfDroid is larger than path-insensitive approaches ORPLocator and cDep, ConfDroid can extract more valid detection rules and complete analyzing the Android frameworks within three hours. In total, ConfDroid successfully extracts 282 valid detection rules, achieving a precision of 91.9%. By performing backward symbolic execution on the configuration APIs in the Android framework, the 65 unique valid detection rules (47 unavailable configuration APIs and 18 inconsistent configuration APIs) extracted by ConfDroid are not found in any of the three baselines.

On the other hand, the 25 detection rules extracted by ConfDroid cannot be validated due to the following two reasons. First, the intra-class level symbolic execution and the inabilities of using Z3 to process configuration APIs can cause incomplete configuration constraint extraction. Second, the Android framework has proposed an internal workaround at the stage of the Android app compilations, which is not analyzed by ConfDroid. Besides, 14.4% of the rules extracted by ORPLocator are invalid due to (1) the adaptation of intra-class level analysis to ensure scalability, and (2) the inaccuracy of its path-insensitive analysis on the Android framework. While we have resolved the scalability issues of the original version of cDep, it achieves the lowest rule validation rate because of (1) extracting incomplete attribute dependencies by only performing intra-class level data flow analysis, and (2) identifying minor code changes that will not induce compatibility issues.

Still, we found 28 rules (28/218=12.8%) that are uniquely included in Lint but not ConfDroid. The false negative rules of ConfDroid concern the theme attributes (e.g., android:attr/textColorSecondary in Figure 1) whose value can only be referenced by another attributes in XML. Such theme attributes are not loaded using the Android configuration APIs and hence are missed by ConfDroid. We have not witnessed any false negative rules in ConfDroid that were extracted by ORPLocator because the valid rules of ConfDroid and ORPLocator fall into the pattern of unavailable configuration APIs. We also did not witnessed any false negative rules that are extracted by cDep. The cDep tool is designed based on the change pattern in attribute dependencies (Type 4 in Section III-B). Such a pattern is not modelled by ConfDroid since it only accounts for 4.6% of the issues in the empirical study dataset. In fact, the validation rules generated by cDep are all caused by the introduction and removal of attributes, which are also dependent on other attributes in the Android framework. Moreover, false negatives can also be induced by the inabilities of Z3 in processing configuration APIs. Although it is challenging to measure false negatives as we lack an authoritative ground truth, we argue that the number of false negatives can be small since ConfDroid can successfully process 98.1% (1504/1533) of configuration APIs, which cover 79.0% (1134/1435) of public attributes at the API level 30.

V-B RQ4: Usefulness

ConfDroid Lint ORPLocator cDep
50,157 9,998 8,424 4,304
46,580 7,316 5,433 3,595
41,790 5,007 4,134 4,290
688 435 54 140

: Warnings generated by rules only.

: False warnings identified by API level filter.

: False warnings identified by support library filter.

: The final output after filtering false warnings by and

TABLE IV: Number of warnings detected using the rules extracted by ConfDroid and baselines

To answer RQ4, we checked whether the rules of ConfDroid could be applied to detect real issues with the comparison of three baselines. Note that Android has introduced various protection mechanisms documented in Android Developers [2] to prevent configuration compatibility issues. The protection mechanisms include (1) checking the API level ranges in which the XML configuration file can be used and (2) using the Android support library (AndroidX) to parse XML configuration files. Leveraging detection rules alone without considering any protection mechanisms can induce a large number of false warnings. Therefore, we built two false warning filters and to investigate the impact of protection mechanisms on issue detection. Specifically, checks whether the XML configuration file can be applied to incompatibility-inducing API levels. App developers can provide different copies of the XML configuration files for different API levels with the identifier -v (e.g., -v24 in layout-v24/a.xml). For an issue reported by a rule with problematic API levels , considers the API level identifier with the parameter value of minSdkVersion to check whether the XML file can be used at . also checks whether there is another copy of the file for API level . The reported issue is considered as invalid if the XML file cannot be used in both and . checks whether an XML configuration file can be parsed by the Android support library (AndroidX) instead. Here, we consider an XML configuration file to be free of compatibility issues if it is only referenced by the APIs or attributes defined in the library. We then built four different variants of issue detectors with two filters and as Table LABEL:tab:issuedetection shows.

We applied the above variants to detect issues in real-world Android apps. We crawled 116 open-source Android apps in F-Droid [16] with at least 50 stars in GitHub [19] and the last git commit made within the past six months. We further collected 200 closed-source apps marked as top-ranked in AppBrain [3]. None of these 316 apps overlaps with those used in our empirical study (Section III) to avoid the risk of overfitting.

Table LABEL:tab:issuedetection shows the number of warnings produced by each variant of issue detectors. We can see that the number of false warnings is significantly less when combining two false warning filters and , showing that the above two mechanisms are often adopted to handle compatibility issues. Several frequently-used attributes contribute to the number of warnings reported in Table LABEL:tab:issuedetection. For example, developers intensively use an incompatibility-inducing attribute android:strokeColor in their apps. helps reduce 12,445 false warnings that developers have properly used such an attribute with API level identifiers.

Considering the output of , the rules of ConfDroid generated 688 issue warnings, outperforming the other baseline methods. Note that the number of warnings can be varied depending on the frequency of which incompatibility-inducing attributes are used in apps. As for the 65 rules that were uniquely identified by ConfDroid, 11 of them were activated to output 253 warnings from 74 apps, among which 90 warnings were from 20 open-source apps, while the remaining 163 warnings were from 56 closed-source apps. The above results show that the rules uniquely generated by ConfDroid can be leveraged to generate issue reports that are unknown to other baselines.

We then conducted manual reproduction trying to manifest inconsistent runtime behaviors on the warnings that are uniquely reported by rules in ConfDroid. Specifically, we first tried to build test cases to reach the Activity using the XML element in the issue reports. Then, we tried to manifest the runtime behavior controlled by the incompatibility-inducing attributes in the XML element by reading the code logic of the Activity. Since we have no access to the source code of the closed-source apps, we analyzed the apps’ code logic by reading the smali code decompressed from their apk files. An issue is considered reproducible if we can observe inconsistent runtime behavior by building a test case based on the above two steps. We successfully reproduced 107 warnings in 30 apps (67 warnings in 12 open-source apps and 40 warnings in 18 closed-source apps). We failed to reproduce the remaining warnings for the following three reasons. First, the XML elements where the incompatibility-inducing attributes are located were not reachable because of special triggering conditions (e.g., paying for unlocking hidden functionalities). Second, false warnings were generated because it cannot recover the workaround of configuration compatibility issues made by app developers. Third, the app was obfuscated so that it is difficult for us to understand the app’s runtime behavior through analyzing the smali code.

App ID Warnings Confirmed Fixed
AndOTP [1] 539 42 42 42
Aria2App [4] 42 2 0 0
Dash Wallet [11] 648 3 0 0
document-viewer [13] 328 1 0 0
FastScroll [42] 36 1 1 0
GoodTime [20] 197 1 1 1
Metro [30] 55 6 0 0
Kontalk [26] 1315 1 0 0
openWorkout [32] 45 1 0 0
PersianCalendar [15] 621 5 5 5
Twire [41] 119 3 3 3
UniPatcher [43] 52 1 0 0
Total - 67 52 51
*

Issues that have received replies from app developers.

TABLE V: Issue Reports

We further reported the 67 reproducible warnings concerning 12 open-source apps to the original app developers. For each app, we only sent one issue report containing all warnings found in it. Table LABEL:tab:issuereport shows the issue reports that have been sent to the developers. The distribution of reported issue warnings depends on the attribute usages in different apps. For example, our issue detector reports 42 warnings in the evaluation subject AndOTP since it frequently uses the attribute android:fillColor to define the colors in the app icons. The processing of android:fillColor in the Android framework has been changed between API levels 23 and 24, causing an inconsistent look-and-feel on the app’s icons. So far, 52 warnings concerning five apps have been confirmed, and 51 warnings in four apps have been fixed by developers. We did not report issues for closed-source apps as they do not have a public issue tracker. Instead, we released the reproduction results of both open-source and closed-source apps on our project website [10]. The above confirmed or fixed warnings demonstrate the usefulness of rules extracted by ConfDroid to facilitate configuration compatibility issue detection.

Vi Threats to Validity

Keywords for dataset collection. When collecting configuration compatibility issues, we used two sets of keywords related to API levels and XML files. Although different apps may use different app-specific terms to refer to the same concepts, such app-specific terms are hard to collect. Besides, using app-specific terms as keywords can return many irrelevant results. Therefore, our dataset was collected primarily using the above two groups of general keywords, which retrieves 196 configuration compatibility issues.

Generality of our empirical findings. In this paper, we studied the configuration compatibility issues in the Android apps and further proposed ConfDroid to facilitate automatic issue detection. Our empirical findings may not be generalized to other types of software systems. We chose Android as our study platform because it is representative of a popular system supporting a high degree of configurability in thousands of attributes. The open-source Android framework code provides a nice foundation for us to study the root causes of configuration compatibility issues.

Empirical subject selection. The findings from the issues in the open-source Android app can be biased to the subjects selected in our empirical study. We mitigated the threat by selecting a significant number of issues and apps. As a result, the study was based on 196 issues from 43 open source apps that are popular and well-maintained.

Evolving Android framework versions. The Android API levels that we studied may become obsolete over time. It is a threat common to most studies based on Android. To mitigate the threat, we base our study on the latest API levels.

Manual inspections and developers’ feedbacks. We manually inspected our evaluation to validate issues detected by ConfDroid. The manual process can be subject to errors. We also submitted the validated ones to the original app developers for their feedback. However, several issue reports are still pending. This is most likely because some developers tend to be less responsive to the issue reports in the issue tracker. To address the threat that our reported issues may not be real ones, our manual process involves validating detection rules and issuing warnings through actual executions. We also make our validation steps and artifacts publicly available [10].

Vii Related Work

Vii-a Software Misconfigurations

There are plenty of works [36, 51, 6, 50, 14, 9, 40] on detecting software misconfigurations. For example, Behrang et al. [6] proposed SCIC to study the attributes that cannot take effects because of software evolution. Dong et al. [14] proposed ORPLocator to detect inconsistencies between documentations and configuration attributes in system code. Recently, Chen et al. [9] proposed cDep to extract attribute dependencies from source code. Although these approaches can be adapted to detect compatibility issues across multiple system versions, the proposed path-insensitive analyses are ineffective for the Android framework. It is because the loading of configuration attributes in the Android framework is commonly guarded by variables defined in the same configuration class. In contrast, ConfDroid conducts intra-class level path-sensitive analysis for more precise detection of compatibility issues.

There are works studying misconfigurations caused by system evolution [54, 56]. For example, Zhang et al. [54] proposed a technique for debugging software misconfigurations induced by software evolution. However, the technique requires developers to provide test cases to manifest such issues, limiting its applicability. Recently, Zhang et al. [56] conducted an empirical study to understand how the configuration design and implementation evolve in cloud systems. The study does not provide a technique for issue detection. ConfDroid fills the gap by incorporating automated techniques to extract issue-detection rules, which can be readily deployed at Lint for issue detection.

There are also a few related works [5, 35, 53, 55] on automated software misconfiguration diagnosis. However, their research goal is to help understand the root causes of known software misconfigurations. Their application scenario differs from that of ConfDroid where the misconfigurations are unknown.

Vii-B Android Compatibility Issues

A few studies have been conducted on Android compatibility issues. For example, Wei et al. [45, 44] studied the root causes, symptoms, and fixing practices of Android compatibility issues. Huang et al. [23] studied compatibility issues in Android callback APIs. Hu et al. [22] found Android compatibility issues in the WebView component. Cai et al. [8] studied the compatibility issues occurring at installation time and runtime. Xia et al. [48] studied the practice of app developers to handle Android compatibility issues. These studies do not cover the common root causes and patterns of Android configuration compatibility issues, which are prevalent and can cause severe consequences in Android apps.

Researchers have proposed a set of tools to detect Android compatibility issues. First, dynamic-based approaches [17, 25] can generate tests to identify app GUI inconsistencies across Android devices. These approaches adopt a random test generation strategy, which is ineffective in triggering the inconsistencies within the huge search space of an app’s configuration attributes. Second, existing static-based approaches [45, 47, 23, 29, 28, 21, 44] take a set of predefined patterns to facilitate compatibility issue detection in Android apps. However, their approaches can only be leveraged to detect issues caused by problematic API invocations. These approaches are inapplicable for the detection of configuration compatibility issues in Android apps. Besides, Lint [24], a popuplar static-based bug detection tool in the industry [46], can only detect configuration compatibility issues due to the introduction of new attributes. In comparison, ConfDroid encodes common issue patterns to extract detection rules from the Android framework. The evaluation results show that such rules can detect issues that were previously unknown to app developers.

Viii Conclusion & Future Work

To help app developers tackle configuration compatibility issues, in this study, we first collected 196 configuration compatibility issues to empirically understand the common root causes and patterns of such issues. Based on the findings, we further proposed ConfDroid, which encodes common issue patterns to automatically extract detection rules for configuration compatibility issues. The results show that the rules extracted by ConfDroid can facilitate detecting issues that were previously unknown to app developers. In the future, we plan to investigate automated repair techniques for configuration compatibility issues in Android apps. We also plan to design a technique that can facilitate automated validation of configuration compatibility issue to minimise manual efforts.

Acknowledgment

We sincerely thank anonymous reviewers for their valuable comments. This work was supported by the National Natural Science Foundation of China (Grant No. 61932021, No. 61802164 and No. 62002125), Hong Kong RGC/GRF (Grant No. 16211919), Hong Kong RGC/RIF (Grant No. R5034-18), and Guangdong Basic and Applied Basic Research Foundation (Grant No. 2021A1515011562). Huaxun Huang was supported by the Hong Kong PhD Fellowship Scheme. Lili Wei was supported by the Hong Kong RGC Postdoctoral Fellowship Scheme.

References

  • [1] AndOTP. Note: [EB/OL]https://github.com/andOTP/andOTP, 2021 Cited by: TABLE V.
  • [2] Android developers. Note: [EB/OL]https://developer.android.com/, 2021 Cited by: §I, §I, §IV-A, §V-B.
  • [3] AppBrain. Note: [EB/OL]https://www.appbrain.com, 2021 Cited by: §I, §V-B.
  • [4] Aria2App. Note: [EB/OL]https://github.com/devgianlu/Aria2App, 2021 Cited by: TABLE V.
  • [5] M. Attariyan, M. Chow, and J. Flinn (2012) X-ray: automating root-cause diagnosis of performance anomalies in production software. In Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation (OSDI), pp. 307–320. Cited by: §VII-A.
  • [6] F. Behrang, M. B. Cohen, and A. Orso (2015) Users beware: preference inconsistencies ahead. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE), pp. 295–306. Cited by: §I, §IV-B, §V-A, §VII-A.
  • [7] Bug 1486200: crash in java.lang.nullpointerexception. Note: [EB/OL]https://bugzilla.mozilla.org/show_bug.cgi?id=1486200, 2021 Cited by: §I.
  • [8] H. Cai, Z. Zhang, L. Li, and X. Fu (2019) A large-scale study of application incompatibilities in android. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), pp. 216–227. Cited by: §VII-B.
  • [9] Q. Chen, T. Wang, O. Legunsen, S. Li, and T. Xu (2020) Understanding and discovering software configuration dependencies in cloud and datacenter systems. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), pp. 362–374. Cited by: §I, §IV-B, 3rd item, §VII-A.
  • [10] ConfDroid webpage. Note: [EB/OL]https://sites.google.com/view/confdroid, 2021 Cited by: §I, §V-B, §VI.
  • [11] Dash-wallet. Note: [EB/OL]https://github.com/dashevo/dash-wallet, 2021 Cited by: TABLE V.
  • [12] Difference reports between api 28 and 29. Note: [EB/OL]https://developer.android.com/guide/topics/manifest/uses-sdk-element, 2021 Cited by: §I.
  • [13] Document-viewer. Note: [EB/OL]https://github.com/SufficientlySecure/document-viewer, 2021 Cited by: TABLE V.
  • [14] Z. Dong, A. Andrzejak, D. Lo, and D. Costa (2016) Orplocator: identifying read points of configuration options via static analysis. In Proceedings of the 27th International Symposium on Software Reliability Engineering (ISSRE), pp. 185–195. Cited by: §I, §IV-B, 2nd item, §VII-A.
  • [15] DroidPersianCalendar. Note: [EB/OL]https://github.com/persian-calendar/DroidPersianCalendar, 2021 Cited by: TABLE V.
  • [16] F-droid. Note: [EB/OL]https://f-droid.org, 2021 Cited by: §I, §III-A, §V-B.
  • [17] M. Fazzini and A. Orso (2017) Automated cross-platform inconsistency detection for mobile apps. In Proceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 308–318. Cited by: §I, §VII-B.
  • [18] Gecko-dev. Note: [EB/OL]https://github.com/mozilla/gecko-dev, 2021 Cited by: §I.
  • [19] GitHub. Note: [EB/OL]https://github.com, 2021 Cited by: §I, §III-A, §V-A, §V-B.
  • [20] GoodTime. Note: [EB/OL]https://github.com/adrcotfas/Goodtime, 2021 Cited by: TABLE V.
  • [21] D. He, L. Li, L. Wang, H. Zheng, G. Li, and J. Xue (2018) Understanding and detecting evolution-induced compatibility issues in android apps. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE), pp. 167–177. Cited by: §I, §VII-B.
  • [22] J. Hu, L. Wei, Y. Liu, S. Cheung, and H. Huang (2018) A tale of two cities: how webview induces bugs to android applications. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE), pp. 702–713. Cited by: §VII-B.
  • [23] H. Huang, L. Wei, Y. Liu, and S. Cheung (2018) Understanding and detecting callback compatibility issues for android applications. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE), pp. 532–542. Cited by: §I, §VII-B, §VII-B.
  • [24] Improve your code with lint checks. Note: [EB/OL]https://developer.android.com/studio/write/lint, 2021 Cited by: 1st item, §VII-B.
  • [25] T. Ki, C. M. Park, K. Dantu, S. Y. Ko, and L. Ziarek (2019) Mimic: ui compatibility testing system for android apps. In Proceedings of the 41st International Conference on Software Engineering (ICSE), pp. 246–256. Cited by: §I, §VII-B.
  • [26] Kontalk. Note: [EB/OL]https://github.com/kontalk/androidclient, 2021 Cited by: TABLE V.
  • [27] P. Lam, E. Bodden, O. Lhoták, and L. Hendren (2011) The soot framework for java program analysis: a retrospective. In Cetus Users and Compiler Infastructure Workshop (CETUS), Vol. 15. Cited by: §I, §V.
  • [28] C. Li, C. Xu, L. Wei, J. Wang, J. Ma, and J. Lu (2018) ELEGANT: towards effective location of fragmentation-induced compatibility issues for android apps. In Proceedings of the 25th Asia-Pacific Software Engineering Conference (APSEC), pp. 278–287. Cited by: §I, §VII-B.
  • [29] L. Li, T. F. Bissyandé, H. Wang, and J. Klein (2018) Cid: automating the detection of api-related compatibility issues in android apps. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), pp. 153–163. Cited by: §I, §VII-B.
  • [30] Metro. Note: [EB/OL]https://github.com/MuntashirAkon/Metro, 2021 Cited by: TABLE V.
  • [31] Open-keychain. Note: [EB/OL]https://github.com/open-keychain/open-keychain, 2021 Cited by: §III-B.
  • [32] OpenWorkout. Note: [EB/OL]https://github.com/oliexdev/openWorkout, 2021 Cited by: TABLE V.
  • [33] OsmAnd. Note: [EB/OL]https://github.com/osmandapp/OsmAnd, 2021 Cited by: §III-B, §III-B, §III-C.
  • [34] QKSMS. Note: [EB/OL]https://github.com/moezbhatti/qksms, 2021 Cited by: §III-B.
  • [35] A. Rabkin and R. Katz (2011) Precomputing possible configuration error diagnoses. In Proceedings of the 26th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 193–202. Cited by: §VII-A.
  • [36] A. Rabkin and R. Katz (2011) Static extraction of program configuration options. In Proceedings of the 33rd International Conference on Software Engineering (ICSE), pp. 131–140. Cited by: §I, §IV-B, §VII-A.
  • [37] E. Reisner, C. Song, K. Ma, J. S. Foster, and A. Porter (2010) Using symbolic evaluation to understand behavior in configurable software systems. In Proceedings of the 32nd International Conference on Software Engineering (ICSE), pp. 445–454. Cited by: §I.
  • [38] Slide. Note: [EB/OL]https://github.com/ccrama/Slide, 2021 Cited by: §III-C.
  • [39] Stack overflow. Note: [EB/OL]https://stackoverflow.com/, 2021 Cited by: §V-A.
  • [40] J. Toman and D. Grossman (2016) Staccato: a bug finder for dynamic configuration updates. In Proceedings of the 30th European Conference on Object-Oriented Programming (ECOOP), pp. 24:1–24:25. Cited by: §I, §VII-A.
  • [41] Twire. Note: [EB/OL]https://github.com/twireapp/Twire, 2021 Cited by: TABLE V.
  • [42] UniPatcher. Note: [EB/OL]https://github.com/zhanghai/AndroidFastScroll, 2021 Cited by: TABLE V.
  • [43] UniPatcher. Note: [EB/OL]https://github.com/btimofeev/UniPatcher, 2021 Cited by: TABLE V.
  • [44] L. Wei, Y. Liu, S. Cheung, H. Huang, X. Lu, and X. Liu (2020) Understanding and detecting fragmentation-induced compatibility issues for android apps. IEEE Transactions on Software Engineering (TSE) 46 (11), pp. 1176–1199. Cited by: §I, §VII-B, §VII-B.
  • [45] L. Wei, Y. Liu, and S. Cheung (2016) Taming android fragmentation: characterizing and detecting compatibility issues for android apps. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 226–237. Cited by: §I, §VII-B, §VII-B.
  • [46] L. Wei, Y. Liu, and S. Cheung (2017) OASIS: prioritizing static analysis warnings for android apps based on app user reviews. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (FSE), pp. 672–682. Cited by: §VII-B.
  • [47] L. Wei, Y. Liu, and S. Cheung (2019) Pivot: learning api-device correlations to facilitate android compatibility issue detection. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), pp. 878–888. Cited by: §I, §VII-B.
  • [48] H. Xia, Y. Zhang, Y. Zhou, X. Chen, Y. Wang, X. Zhang, S. Cui, G. Hong, X. Zhang, M. Yang, and Z. Yang (2020) How android developers handle evolution-induced api compatibility issues: a large-scale study. In Proceedings of the 42nd International Conference on Software Engineering (ICSE), pp. 886–898. Cited by: §VII-B.
  • [49] K. Xu, Y. Li, R. H. Deng, and K. Chen (2018)

    Deeprefiner: multi-layer android malware detection system applying deep neural networks

    .
    In Proceedings of 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 473–487. Cited by: §II-A.
  • [50] T. Xu, X. Jin, P. Huang, Y. Zhou, S. Lu, L. Jin, and S. Pasupathy (2016) Early detection of configuration errors to reduce failure damage. In Proceedings of the 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 619–634. Cited by: §I, §VII-A.
  • [51] T. Xu, J. Zhang, P. Huang, J. Zheng, T. Sheng, D. Yuan, Y. Zhou, and S. Pasupathy (2013) Do not blame users for misconfigurations. In Proceedings of the ACM SIGOPS 24th Symposium on Operating Systems Principles (SOSP), pp. 244–259. Cited by: §I, §VII-A.
  • [52] Z3 - an efficient theorem prover. Note: [EB/OL]https://z3prover.github.io/api/html/, 2021 Cited by: §IV-D, §IV-D.
  • [53] S. Zhang and M. D. Ernst (2013) Automated diagnosis of software configuration errors. In Proceedings of the 35th International Conference on Software Engineering (ICSE), pp. 312–321. Cited by: §VII-A.
  • [54] S. Zhang and M. D. Ernst (2014) Which configuration option should i change?. In Proceedings of the 36th International Conference on Software Engineering (ICSE), pp. 152–163. Cited by: §VII-A.
  • [55] S. Zhang and M. Ernst (2015) Proactive detection of inadequate diagnostic messages for software configuration errors. In Proceedings of the 2015 International Symposium on Software Testing and Analysis (ISSTA), pp. 12–23. Cited by: §VII-A.
  • [56] Y. Zhang, H. He, O. Legunsen, S. Li, W. Dong, and T. Xu (2021) An evolutionary study of configuration design and implementation in cloud systems. In Proceedings of the 43rd International Conference on Software Engineering (ICSE), pp. 188–200. Cited by: §VII-A.