Abstract
Because of functionality evolution, or security and performance-related changes, some APIs eventually become unnecessary in a software system and thus need to be cleaned to ensure proper maintainability. Those APIs are typically marked first as deprecated APIs and, as recommended, follow through a deprecated-replace-remove cycle, giving an opportunity to client application developers to smoothly adapt their code in next updates. Such a mechanism is adopted in the Android framework development where thousands of reusable APIs are made available to Android app developers. In this work, we present a research-based prototype tool called CDA and apply it to different revisions (i.e., releases or tags) of the Android framework code for characterising deprecated APIs. Based on the data mined by CDA, we then perform an empirical study on API deprecation in the Android ecosystem and the associated challenges for maintaining quality apps. In particular, we investigate the prevalence of deprecated APIs, their annotations and documentation, their removal and consequences, their replacement messages, developer reactions to API deprecation, as well as the evolution of the usage of deprecated APIs. Experimental results reveal several findings that further provide promising insights related to deprecated Android APIs. Notably, by mining the source code of the Android framework base, we have identified three bugs related to deprecated APIs. These bugs have been quickly assigned and positively appreciated by the framework maintainers, who claim that these issues will be updated in future releases.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
The issue IDs of the submitted bugs are 69105065, 69104762 and 69098890.
The online web service can be accessed via http://35.224.210.36/DAU/
commit: 54b6cfa9a9e5b861a9930af873580d6dc20f773c
There are no releases (or tags) for API levels 1-3, 11 and 12 while the API level 20 is reserved for wearable devices.
We hypothesise that these apps may be handled differently w.r.t. deprecated APIs compared to GPlay ones.
The full list of involved third-party markets includes AppChina, Anzhi, MI.com, 1Mobile, Angeeks, Slideme, F-Droid, Praguard, Torrents, Freewarelovers, Proandroid, Hiapk, Genome, APK_Bang.
By using gshuf — head -5000 command.
As footnoted before, the issue IDs of the submitted bugs are 69105065, 69104762 and 69098890, where the status of these issues so far are Fixed, Assigned and Assigned, respectively.
The actual time can be computed based on the released time of selected tags (e.g., android-7.0.0_r7 is released on 2016-08-23 while android-6.0.1_r9 is released on 2015-12-15).
Following the rules illustrated in Section 3.2.
Comment Message: This method is only used by a few internal components and it will soon be replaced by a proper bug report API (which will be restricted to a few, pre-defined apps).
In this experiment, only the APIs that are explicitly deprecated at the method level are considered. When deprecating APIs at the class level, i.e., deprecating classes, it will unlikely to provide replacement messages to their methods.
Declared class name, method name, and arguments.
We have appended zero to third-party markets (i.e., NGPlay) to balance the number of elements.
Given a significance level α = 0.001, if p-value < α, there is one chance in a thousand that the difference between the datasets is due to a coincidence.
In this work, we consider the common libraries revealed by Li et al. (2016a) as the white-list to flag whether a caller belongs to libraries. This white-list contains over 1,000 common libraries mined from over 1.5 million Android apps.
References
Allix K, Bissyandé TF, Klein J, Le Traon Y (2016) Androzoo: Collecting millions of android apps for the research community. In: 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR), IEEE, pp 468–471
Bagherzadeh M, Kahani N, Bezemer C-P, Hassan AE, Dingel J, Cordy JR (2017) Analyzing a decade of linux system calls. Empir Softw Eng, pp 1–33
Bavota G, Linares-Vasquez M, Bernal-Cardenas CE, Di Penta M, Oliveto R, Poshyvanyk D (2015) The impact of api change-and fault-proneness on the user ratings of android apps. IEEE Trans Softw Eng 41(4):384–407
Bogart C, Kästner C, Herbsleb J, Thung F (2016) How to break an api: cost negotiation and community values in three software ecosystems. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 109–120
Brito A, Xavier L (2018a) Andre hora, and marco tulio valente. Why and how java developers break apis. arXiv:1801.05198
Brito G, Hora A, Valente MT, Robbes R (2016) Do developers deprecate apis with replacement messages? a large-scale analysis on java systems. In: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), vol 1. IEEE, pp 360–369
Brito G, Hora A, Valente MT, Robbes R (2018b) On the use of replacement messages in api deprecation: an empirical study. J Syst Softw 137:306–321
Chow K, Notkin D (1996) Semi-automatic update of applications in response to library changes. In: Icsm, vol 96. p 359
Coelho R, Almeida L, Gousios G, van Deursen A (2015) Unveiling exception handling bug hazards in android based on github and google code issues. In: 2015 IEEE/ACM 12th Working Conference on Mining Software Repositories (MSR), IEEE, pp 134–145
Cossette BE, Walker RJ (2012) Seeking the ground truth: a retroactive study on the evolution and migration of software libraries. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, ACM, p 55
Dagenais B, Robillard MP (2011) Recommending adaptive changes for framework evolution. ACM Transactions on Software Engineering and Methodology (TOSEM) 20 (4):19
Derr E, Bugiel S, Fahl S, Acar Y, Backes M (2017) Keep me updated: an empirical study of third-party library updatability on android. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM, pp 2187–2200
Dig D, Johnson R (2005) The role of refactorings in api evolution. In: 2005. ICSM’05. Proceedings of the 21st IEEE International Conference on Software Maintenance, IEEE, pp 389–398
Dig D, Johnson R (2006) How do apis evolve? a story of refactoring. Journal of software maintenance and evolution: Research and Practice 18(2):83–107
Dig D, Manzoor K, Johnson R, Nguyen TN (2007) Refactoring-aware configuration management for object-oriented programs. In: Proceedings of the 29th International Conference on Software Engineering, IEEE Computer Society, pp 427–436
Dig D, Negara S, Johnson R, Mohindra V (2008) Reba: refactoringaware binary adaptation of evolving libraries. In: ICSE’08: Proceedings of the 30th International Conference on Software Engineering. Citeseer
Espinha T, Zaidman A, Gross H-G (2014) Web api growing pains: Stories from client developers and their code. In: 2014 Software Evolution week-IEEE Conference on Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), IEEE, pp 84–93
Gao J, Li L, Kong P, Bissyandé TF, Klein J (2018) On vulnerability evolution in android apps. In: The 40th International Conference on Software Engineering, Poster Track (ICSE 2018)
Gao J, Kong P, Li L, Bissyandé TF, Klein J (2019) Negative results on mining crypto-api usage rules in android apps. In: The 16th International Conference on Mining Software Repositories (MSR 2019)
Hecht G, Benomar O, Rouvoy R, Moha N, Duchien L (2015) Tracking the software quality of android applications along their evolution (t). In: 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 236–247
Henkel J, Diwan A (2005) Catchup! capturing and replaying refactorings to support api evolution. In: 2005. ICSE 2005. Proceedings. 27th International Conference on Software Engineering, IEEE, pp 274–283
Hora A, Robbes R, Anquetil N, Etien A, Ducasse S, Valente MT (2015) How do developers react to api evolution? the pharo ecosystem case. In: 2015 IEEE International Conference on Software Maintenance and Evolution (ICSME), IEEE, pp 251–260
Hora A, Valente MT, Robbes R, Anquetil N (2016) When should internal interfaces be promoted to public?. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 278–289
Hou D, Yao X (2011) Exploring the intent behind api evolution A case study. In: 2011 18th Working Conference on Reverse engineering (WCRE), IEEE, pp 131–140
Kapur P, Cossette B, Walker RJ (2010) Refactoring references for library migration, vol 45. ACM
Ko D, Ma K, Park S, Kim S, Kim D, Le Traon Y (2014) Api document quality for resolving deprecated apis. In: 2014 21st Asia-pacific Software Engineering Conference (APSEC), vol 2. IEEE, pp 27–30
Li L, Bartel A, Bissyandé TF, Klein J, Le Traon Y, Arzt S, Rasthofer S, Bodden E, Octeau D, Patrick M (2015) IccTA detecting inter-component privacy leaks in android Apps. In: Proceedings of the 37th International Conference on Software Engineering (ICSE 2015)
Li L, Bissyandé TF, Klein J, Le Traon Y (2016a) An investigation into the use of common libraries in android apps. In: The 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016)
Li L, Bissyandé TF, Klein J, Le Traon Y (2016b) Parameter values of android APIs A preliminary study on 100,000 Apps. Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016)
Li L, Bissyandé TF, Le Traon Y, Klein J (2016c) Accessing inaccessible android apis: an empirical study. In: The 32nd International Conference on Software Maintenance and Evolution (ICSME 2016)
Li L, Gao J, Hurier M, Kong P, Bissyandé TF, Bartel A, Klein J, Le Traon Y (2017a) Androzoo++: Collecting millions of android apps and their metadata for the research community. arXiv:1709.05281
Li L, Li D, Bissyandé TF, Klein J, Le Traon Y, Lo D, Cavallaro L (2017b) Understanding android app piggybacking. A systematic study of malicious code grafting. IEEE Transactions on Information Forensics & Security (TIFS)
Li L, Bissyandé TF, Wang H, Klein J (2018a) Cid: Automating the detection of api-related compatibility issues in android apps. In: The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2018)
Li L, Gao J, Bissyandé TF, Ma L, Xia X, Klein J (2018b) Characterising deprecated android apis. In: The 15th International Conference on Mining Software Repositories (MSR 2018)
Linares-Vásquez M, Bavota G, Di Penta M, Oliveto R, Poshyvanyk D (2014) How do api changes trigger stack overflow discussions? a study on the android sdk. In: proceedings of the 22nd International Conference on Program Comprehension, ACM, pp 83–94
McDonnell T, Ray B, Kim M (2013) An empirical study of api stability and adoption in the android ecosystem. In: 2013 29th IEEE International Conference on Software Maintenance (ICSM), IEEE, pp 70–79
Meng S, Wang X, Zhang L, Mei H (2012) A history-based matching approach to identification of framework evolution. In: 2012 34th International Conference on Software Engineering (ICSE), IEEE, pp 353–363
Monperrus M, Eichberg M, Tekes E, Mezini M (2012) What should developers be aware of? an empirical study on the directives of api documentation. Empir Softw Eng 17(6):703–737
Nita M, Notkin D (2010) Using twinning to adapt programs to alternative apis. In: 2010 ACM/IEEE 32nd International Conference on Software Engineering, vol 1. IEEE, pp 205–214
Palomba F, Linares-Vásquez M, Bavota G, Oliveto R, Di Penta M, Poshyvanyk D, De Lucia A (2018) Crowdsourcing user reviews to support the evolution of mobile apps. J Syst Softw 137:143–162
Perkins JH (2005) Automatically generating refactorings to support api evolution. In: ACM SIGSOFT Software Engineering Notes, vol 31. ACM, pp 111–114
Raemaekers S, van Deursen A, Visser J (2014) Semantic versioning versus breaking changes: A study of the maven repository. In: Proceedings of the 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation, IEEE Computer Society, pp 215–224
Robbes R, Lungu M, Röthlisberger D (2012) How do developers react to api deprecation?: the case of a smalltalk ecosystem. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, ACM, p 56
Sawant AA, Robbes R, Bacchelli A (2016) On the reaction to deprecation of 25,357 clients of 4 + 1 popular java apis. In: 2016 IEEE International Conference on Software Maintenance and Evolution (ICSME), IEEE, pp 400–410
Sawant AA, Aniche M, van Deursen A, Bacchelli A (2018a) Understanding developers’ needs on deprecation as a language feature. In: 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE), IEEE, pp 561–571
Sawant AA, Huang G, Vilen G, Stojkovski S, Bacchelli A (2018b) Why are features deprecated? an investigation into the motivation behind deprecation. In: 2018 IEEE International conference on software maintenance and evolution (ICSME), IEEE, pp 13–24
Sawant AA, Robbes R, Bacchelli A (2018c) On the reaction to deprecation of clients of 4 + 1 popular java apis and the jdk. Empir Softw Eng 23(4):2158–2197
Štrobl R, Troníček Z (2013) Migration from deprecated api in java. In: Proceedings of the 2013 Companion Publication for Conference on Systems, Programming, & Applications: Software for Humanity, ACM, pp 85–86
Wang H, Guo Y, Ma Z, Chen X (2015) Wukong: A scalable and accurate two-phase approach to android app clone detection. In: Proceedings of the 2015 International Symposium on Software Testing and Analysis, ACM, pp 71–82
Wang H, Liu Z, Liang J, Vallina-Rodriguez N, Guo Y, Li L, Tapiador J, Cao J, Xu G (2018) Beyond google play: a large-scale comparative study of chinese android app markets. In: The 2018 Internet Measurement Conference (IMC 2018)
Wu W, Guéhéneuc Y-G, Antoniol G, Kim M (2010) Aura: a hybrid approach to identify framework evolution. In: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering-Volume 1, ACM, pp 325–334
Xing Z, Stroulia E (2007) Api-evolution support with diff-catchup. IEEE Trans Softw Eng 33(12):818–836
Yang X, Lo D, Li L, Xia X, Bissyandé TF, Klein J (2017) Characterizing malicious android apps by mining topic-specific data flow signatures. Information and Software Technology
Zhou J, Walker RJ (2016) Api deprecation: a retrospective analysis and detection method for code examples on the web. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 266–277
Acknowledgements
The authors would like to thank the anonymous reviewers who have provided insightful and constructive comments to the conference version of this extension. This work was supported by the Australian Research Council (ARC), under projects DE200100016 and DP200100020, and by the Oceania Cyber Security Centre (OCSC), under the 2019 ICFP scheme.
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by: Georgios Gousios, Yasutaka Kamei, Sarah Nadi, and Andy Zaidman
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article belongs to the Topical Collection: Mining Software Repositories (MSR)
Rights and permissions
About this article
Cite this article
Li, L., Gao, J., Bissyandé, T.F. et al. CDA: Characterising Deprecated Android APIs. Empir Software Eng 25, 2058–2098 (2020). https://doi.org/10.1007/s10664-019-09764-z
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10664-019-09764-z