MAD-API: Detection, Correction and Explanation of API Misuses in Distributed Android Applications

Abstract

Android API is evolving continuously, including API updates, deletion, addition and changes. Unfortunately, we find that the distributed Android applications (apps) often fail to keep pace with the API evolution. Specifically, the apps usually involve the APIs that are out of date, which potentially cause the apps or Android system to behave abnormally, leak sensitive information or crash down. We call this issue that making the Android phones unreliable as API misuse. To investigate the universality of this issue and detect the defective apps in the wild, we propose an automated framework MAD-API that consists of a detection method that identifies API misuses in apps and a recommendation method to trace the latest API status and correct the misuses. We implement MAD-API based on 13 Android versions, and evaluate it with the top 10,000 Android apps. According to the evaluation, 93.13% of the evaluated apps suffer from API misuse problems, and the total number of API misuses is 1,241,831. In addition, apps with larger size have more API misuses. Worst of all, some APIs are misused all the time. The results indicate that (1) the API misuse issue widely exists in distributed apps, (2) MAD-API is able to detect API misuses in Android apps effectively, and (3) MAD-API also help developers trace the defective APIs in their distributed apps conveniently and correct them immediately.