research-article

CDA: Characterising Deprecated Android APIs

Authors:

Tegawendé F. Bissyandé,

Jacques KleinAuthors Info & Claims

Empirical Software Engineering, Volume 25, Issue 3

Pages 2058 - 2098

https://doi.org/10.1007/s10664-019-09764-z

Published: 01 May 2020 Publication History

Abstract

Because of functionality evolution, or security and performance-related changes, some APIs eventually become unnecessary in a software system and thus need to be cleaned to ensure proper maintainability. Those APIs are typically marked first as deprecated APIs and, as recommended, follow through a deprecated-replace-remove cycle, giving an opportunity to client application developers to smoothly adapt their code in next updates. Such a mechanism is adopted in the Android framework development where thousands of reusable APIs are made available to Android app developers. In this work, we present a research-based prototype tool called CDA and apply it to different revisions (i.e., releases or tags) of the Android framework code for characterising deprecated APIs. Based on the data mined by CDA, we then perform an empirical study on API deprecation in the Android ecosystem and the associated challenges for maintaining quality apps. In particular, we investigate the prevalence of deprecated APIs, their annotations and documentation, their removal and consequences, their replacement messages, developer reactions to API deprecation, as well as the evolution of the usage of deprecated APIs. Experimental results reveal several findings that further provide promising insights related to deprecated Android APIs. Notably, by mining the source code of the Android framework base, we have identified three bugs related to deprecated APIs. These bugs have been quickly assigned and positively appreciated by the framework maintainers, who claim that these issues will be updated in future releases.

References

[1]

Allix K, Bissyandé TF, Klein J, Le Traon Y (2016) Androzoo: Collecting millions of android apps for the research community. In: 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR), IEEE, pp 468–471

[2]

Bagherzadeh M, Kahani N, Bezemer C-P, Hassan AE, Dingel J, Cordy JR (2017) Analyzing a decade of linux system calls. Empir Softw Eng, pp 1–33

[3]

Bavota G, Linares-Vasquez M, Bernal-Cardenas CE, Di Penta M, Oliveto R, and Poshyvanyk D The impact of api change-and fault-proneness on the user ratings of android apps IEEE Trans Softw Eng 2015 41 4 384-407

[4]

Bogart C, Kästner C, Herbsleb J, Thung F (2016) How to break an api: cost negotiation and community values in three software ecosystems. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 109–120

[5]

Brito A, Xavier L (2018a) Andre hora, and marco tulio valente. Why and how java developers break apis. arXiv:1801.05198

[6]

Brito G, Hora A, Valente MT, Robbes R (2016) Do developers deprecate apis with replacement messages? a large-scale analysis on java systems. In: 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER), vol 1. IEEE, pp 360–369

[7]

Brito G, Hora A, Valente MT, and Robbes R On the use of replacement messages in api deprecation: an empirical study J Syst Softw 2018 137 306-321

[8]

Chow K, Notkin D (1996) Semi-automatic update of applications in response to library changes. In: Icsm, vol 96. p 359

[9]

Coelho R, Almeida L, Gousios G, van Deursen A (2015) Unveiling exception handling bug hazards in android based on github and google code issues. In: 2015 IEEE/ACM 12th Working Conference on Mining Software Repositories (MSR), IEEE, pp 134–145

[10]

Cossette BE, Walker RJ (2012) Seeking the ground truth: a retroactive study on the evolution and migration of software libraries. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, ACM, p 55

[11]

Dagenais B and Robillard MP Recommending adaptive changes for framework evolution ACM Transactions on Software Engineering and Methodology (TOSEM) 2011 20 4 19

[12]

Derr E, Bugiel S, Fahl S, Acar Y, Backes M (2017) Keep me updated: an empirical study of third-party library updatability on android. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, ACM, pp 2187–2200

[13]

Dig D, Johnson R (2005) The role of refactorings in api evolution. In: 2005. ICSM’05. Proceedings of the 21st IEEE International Conference on Software Maintenance, IEEE, pp 389–398

[14]

Dig D and Johnson R How do apis evolve? a story of refactoring Journal of software maintenance and evolution: Research and Practice 2006 18 2 83-107

[15]

Dig D, Manzoor K, Johnson R, Nguyen TN (2007) Refactoring-aware configuration management for object-oriented programs. In: Proceedings of the 29th International Conference on Software Engineering, IEEE Computer Society, pp 427–436

[16]

Dig D, Negara S, Johnson R, Mohindra V (2008) Reba: refactoringaware binary adaptation of evolving libraries. In: ICSE’08: Proceedings of the 30th International Conference on Software Engineering. Citeseer

[17]

Espinha T, Zaidman A, Gross H-G (2014) Web api growing pains: Stories from client developers and their code. In: 2014 Software Evolution week-IEEE Conference on Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE), IEEE, pp 84–93

[18]

Gao J, Li L, Kong P, Bissyandé TF, Klein J (2018) On vulnerability evolution in android apps. In: The 40th International Conference on Software Engineering, Poster Track (ICSE 2018)

[19]

Gao J, Kong P, Li L, Bissyandé TF, Klein J (2019) Negative results on mining crypto-api usage rules in android apps. In: The 16th International Conference on Mining Software Repositories (MSR 2019)

[20]

Hecht G, Benomar O, Rouvoy R, Moha N, Duchien L (2015) Tracking the software quality of android applications along their evolution (t). In: 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE), IEEE, pp 236–247

[21]

Henkel J, Diwan A (2005) Catchup! capturing and replaying refactorings to support api evolution. In: 2005. ICSE 2005. Proceedings. 27th International Conference on Software Engineering, IEEE, pp 274–283

[22]

Hora A, Robbes R, Anquetil N, Etien A, Ducasse S, Valente MT (2015) How do developers react to api evolution? the pharo ecosystem case. In: 2015 IEEE International Conference on Software Maintenance and Evolution (ICSME), IEEE, pp 251–260

[23]

Hora A, Valente MT, Robbes R, Anquetil N (2016) When should internal interfaces be promoted to public?. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 278–289

[24]

Hou D, Yao X (2011) Exploring the intent behind api evolution A case study. In: 2011 18th Working Conference on Reverse engineering (WCRE), IEEE, pp 131–140

[25]

Kapur P, Cossette B, Walker RJ (2010) Refactoring references for library migration, vol 45. ACM

[26]

Ko D, Ma K, Park S, Kim S, Kim D, Le Traon Y (2014) Api document quality for resolving deprecated apis. In: 2014 21st Asia-pacific Software Engineering Conference (APSEC), vol 2. IEEE, pp 27–30

[27]

Li L, Bartel A, Bissyandé TF, Klein J, Le Traon Y, Arzt S, Rasthofer S, Bodden E, Octeau D, Patrick M (2015) IccTA detecting inter-component privacy leaks in android Apps. In: Proceedings of the 37th International Conference on Software Engineering (ICSE 2015)

[28]

Li L, Bissyandé TF, Klein J, Le Traon Y (2016a) An investigation into the use of common libraries in android apps. In: The 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016)

[29]

Li L, Bissyandé TF, Klein J, Le Traon Y (2016b) Parameter values of android APIs A preliminary study on 100,000 Apps. Proceedings of the 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2016)

[30]

Li L, Bissyandé TF, Le Traon Y, Klein J (2016c) Accessing inaccessible android apis: an empirical study. In: The 32nd International Conference on Software Maintenance and Evolution (ICSME 2016)

[31]

Li L, Gao J, Hurier M, Kong P, Bissyandé TF, Bartel A, Klein J, Le Traon Y (2017a) Androzoo++: Collecting millions of android apps and their metadata for the research community. arXiv:1709.05281

[32]

Li L, Li D, Bissyandé TF, Klein J, Le Traon Y, Lo D, Cavallaro L (2017b) Understanding android app piggybacking. A systematic study of malicious code grafting. IEEE Transactions on Information Forensics & Security (TIFS)

[33]

Li L, Bissyandé TF, Wang H, Klein J (2018a) Cid: Automating the detection of api-related compatibility issues in android apps. In: The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2018)

[34]

Li L, Gao J, Bissyandé TF, Ma L, Xia X, Klein J (2018b) Characterising deprecated android apis. In: The 15th International Conference on Mining Software Repositories (MSR 2018)

[35]

Linares-Vásquez M, Bavota G, Di Penta M, Oliveto R, Poshyvanyk D (2014) How do api changes trigger stack overflow discussions? a study on the android sdk. In: proceedings of the 22nd International Conference on Program Comprehension, ACM, pp 83–94

[36]

McDonnell T, Ray B, Kim M (2013) An empirical study of api stability and adoption in the android ecosystem. In: 2013 29th IEEE International Conference on Software Maintenance (ICSM), IEEE, pp 70–79

[37]

Meng S, Wang X, Zhang L, Mei H (2012) A history-based matching approach to identification of framework evolution. In: 2012 34th International Conference on Software Engineering (ICSE), IEEE, pp 353–363

[38]

Monperrus M, Eichberg M, Tekes E, and Mezini M What should developers be aware of? an empirical study on the directives of api documentation Empir Softw Eng 2012 17 6 703-737

[39]

Nita M, Notkin D (2010) Using twinning to adapt programs to alternative apis. In: 2010 ACM/IEEE 32nd International Conference on Software Engineering, vol 1. IEEE, pp 205–214

[40]

Palomba F, Linares-Vásquez M, Bavota G, Oliveto R, Di Penta M, Poshyvanyk D, and De Lucia A Crowdsourcing user reviews to support the evolution of mobile apps J Syst Softw 2018 137 143-162

[41]

Perkins JH (2005) Automatically generating refactorings to support api evolution. In: ACM SIGSOFT Software Engineering Notes, vol 31. ACM, pp 111–114

[42]

Raemaekers S, van Deursen A, Visser J (2014) Semantic versioning versus breaking changes: A study of the maven repository. In: Proceedings of the 2014 IEEE 14th International Working Conference on Source Code Analysis and Manipulation, IEEE Computer Society, pp 215–224

[43]

Robbes R, Lungu M, Röthlisberger D (2012) How do developers react to api deprecation?: the case of a smalltalk ecosystem. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, ACM, p 56

[44]

Sawant AA, Robbes R, Bacchelli A (2016) On the reaction to deprecation of 25,357 clients of 4 + 1 popular java apis. In: 2016 IEEE International Conference on Software Maintenance and Evolution (ICSME), IEEE, pp 400–410

[45]

Sawant AA, Aniche M, van Deursen A, Bacchelli A (2018a) Understanding developers’ needs on deprecation as a language feature. In: 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE), IEEE, pp 561–571

[46]

Sawant AA, Huang G, Vilen G, Stojkovski S, Bacchelli A (2018b) Why are features deprecated? an investigation into the motivation behind deprecation. In: 2018 IEEE International conference on software maintenance and evolution (ICSME), IEEE, pp 13–24

[47]

Sawant AA, Robbes R, and Bacchelli A On the reaction to deprecation of clients of 4 + 1 popular java apis and the jdk Empir Softw Eng 2018 23 4 2158-2197

[48]

Štrobl R, Troníček Z (2013) Migration from deprecated api in java. In: Proceedings of the 2013 Companion Publication for Conference on Systems, Programming, & Applications: Software for Humanity, ACM, pp 85–86

[49]

Wang H, Guo Y, Ma Z, Chen X (2015) Wukong: A scalable and accurate two-phase approach to android app clone detection. In: Proceedings of the 2015 International Symposium on Software Testing and Analysis, ACM, pp 71–82

[50]

Wang H, Liu Z, Liang J, Vallina-Rodriguez N, Guo Y, Li L, Tapiador J, Cao J, Xu G (2018) Beyond google play: a large-scale comparative study of chinese android app markets. In: The 2018 Internet Measurement Conference (IMC 2018)

[51]

Wu W, Guéhéneuc Y-G, Antoniol G, Kim M (2010) Aura: a hybrid approach to identify framework evolution. In: Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering-Volume 1, ACM, pp 325–334

[52]

Xing Z and Stroulia E Api-evolution support with diff-catchup IEEE Trans Softw Eng 2007 33 12 818-836

[53]

Yang X, Lo D, Li L, Xia X, Bissyandé TF, Klein J (2017) Characterizing malicious android apps by mining topic-specific data flow signatures. Information and Software Technology

[54]

Zhou J, Walker RJ (2016) Api deprecation: a retrospective analysis and detection method for code examples on the web. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, ACM, pp 266–277

Cited By

Yang SHou QLi SXu FDiao W(2025)From guidelines to practice: assessing Android app developer compliance with google’s security recommendationsEmpirical Software Engineering10.1007/s10664-024-10559-030:1Online publication date: 1-Feb-2025
https://dl.acm.org/doi/10.1007/s10664-024-10559-0
Oishwee SCodabux ZStakhanova N(2024)Decoding Android Permissions: A Study of Developer Challenges and Solutions on Stack OverflowProceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement10.1145/3674805.3686676(143-153)Online publication date: 24-Oct-2024
https://dl.acm.org/doi/10.1145/3674805.3686676
Yan CMeng MXie FBai G(2024)Investigating Documented Privacy Changes in Android OSProceedings of the ACM on Software Engineering10.1145/36608261:FSE(2701-2724)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660826
Show More Cited By

Recommendations

Characterising deprecated Android APIs
MSR '18: Proceedings of the 15th International Conference on Mining Software Repositories

Because of functionality evolution, or security and performance-related changes, some APIs eventually become unnecessary in a software system and thus need to be cleaned to ensure proper maintainability. Those APIs are typically marked first as ...
API Document Quality for Resolving Deprecated APIs
APSEC '14: Proceedings of the 2014 21st Asia-Pacific Software Engineering Conference - Volume 02

Using deprecated APIs often results in security vulnerability or performance degradation. Thus, invocations to deprecated APIs should be immediately replaced by alternative APIs. To resolve deprecated APIs, most developers rely on API documents provided ...
Android Quick APIs Reference

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Empirical Software Engineering

Empirical Software Engineering Volume 25, Issue 3

May 2020

735 pages

ISSN:1382-3256

Issue’s Table of Contents

© Springer Science+Business Media, LLC, part of Springer Nature 2020.

Publisher

Kluwer Academic Publishers

United States

Publication History

Published: 01 May 2020

Author Tags

Qualifiers

Research-article

Funding Sources

Fonds National de la Recherche Luxembourg (LU)
Fonds National de la Recherche Luxembourg

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yang SHou QLi SXu FDiao W(2025)From guidelines to practice: assessing Android app developer compliance with google’s security recommendationsEmpirical Software Engineering10.1007/s10664-024-10559-030:1Online publication date: 1-Feb-2025
https://dl.acm.org/doi/10.1007/s10664-024-10559-0
Oishwee SCodabux ZStakhanova N(2024)Decoding Android Permissions: A Study of Developer Challenges and Solutions on Stack OverflowProceedings of the 18th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement10.1145/3674805.3686676(143-153)Online publication date: 24-Oct-2024
https://dl.acm.org/doi/10.1145/3674805.3686676
Yan CMeng MXie FBai G(2024)Investigating Documented Privacy Changes in Android OSProceedings of the ACM on Software Engineering10.1145/36608261:FSE(2701-2724)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660826
Barzolevskaia ABranca EStakhanova N(2024)Measuring and Characterizing (Mis)compliance of the Android Permission SystemIEEE Transactions on Software Engineering10.1109/TSE.2024.336292150:4(742-764)Online publication date: 12-Feb-2024
https://dl.acm.org/doi/10.1109/TSE.2024.3362921
Sun XChen XLiu YGrundy JLi LChandra SBlincoe KTonella P(2023)LazyCow: A Lightweight Crowdsourced Testing Tool for Taming Android FragmentationProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3613098(2127-2131)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3613098
Ma TZhao YLi LLiu LBissyandé TKlein JBird CSarro F(2023)CiD4HMOS: A Solution to HarmonyOS Compatibility IssuesProceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE56229.2023.00134(2006-2017)Online publication date: 11-Nov-2023
https://dl.acm.org/doi/10.1109/ASE56229.2023.00134
Cassieri PRomano SScanniello G(2023)On Deprecated API Usages: An Exploratory Study of Top-Starred Projects on GitHubProduct-Focused Software Process Improvement10.1007/978-3-031-49266-2_29(415-431)Online publication date: 11-Dec-2023
https://dl.acm.org/doi/10.1007/978-3-031-49266-2_29
Yang SLi RChen JDiao WGuo SDwyer MDamian DZeller A(2022)Demystifying Android non-SDK APIsProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510045(647-658)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510045
Huang KChen BPan LWu SPeng XGrundy J(2021)RepFinderProceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE51524.2021.9678905(266-278)Online publication date: 15-Nov-2021
https://dl.acm.org/doi/10.1109/ASE51524.2021.9678905
Li LGao JKong PWang HHuang MLi YBissyandé TGrundy JLe Goues CLo D(2020)KnowledgeZooClientProceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering10.1145/3417113.3422187(73-78)Online publication date: 21-Sep-2020
https://dl.acm.org/doi/10.1145/3417113.3422187

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents