Same App, Different Behaviors: Uncovering Device-specific Behaviors in Android Apps
This program is tentative and subject to change.
The Android ecosystem is significantly challenged by fragmentation, arising from diverse system versions, device specifications, and manufacturer customizations. The growing divergence among devices leads to marked variations in how a given app behaves across diverse devices. This is referred to as device-specific behaviors. Fragmentation not only complicates development processes but also impacts the overall industry by increasing maintenance costs and potentially harming user experience due to inconsistent app performance. In this work, we present the first large-scale empirical study of device-specific behaviors in real-world Android apps. We have designed a three-phase static analysis framework to accurately detect and understand the device-specific behaviors. Upon employing our tool on a dataset comprising more than 20,000 apps, we detected device-specific behaviors in 2,357 of them. By examining the distribution of device-specific behaviors, our analysis revealed that apps within the Chinese third-party app market exhibit more such behaviors compared to their counterparts in Google Play. Additionally, these behaviors are more likely to feature dominant brands that hold larger market shares. Reflecting this, we have classified these device-specific behaviors into 29 categories based on the functionalities implemented, providing a structured insight that is crucial for developers and stakeholders in the industry. Beyond the common behaviors, such as issue fixes and feature adaptations, we have observed 33 aggressive apps, including popular ones with millions of downloads. These apps abuse system properties of customized ROMs to obtain user-unresettable identifiers without requiring any permissions, posing significant privacy risks. Finally, we investigated the origins of device-specific behaviors, highlighting the significant challenges developers encounter in implementing them comprehensively. Our research aims to inform and equip industry practitioners with knowledge to enhance user experience and user privacy, marking a critical step toward addressing the less touched yet vital aspect of device-specific behaviors in the Android ecosystem.
This program is tentative and subject to change.
Tue 29 OctDisplayed time zone: Pacific Time (US & Canada) change
13:30 - 15:00 | AndroidJournal-first Papers / Research Papers / Industry Showcase at Magnoila Chair(s): Ziyao He University of California, Irvine | ||
13:30 15mTalk | How Does Code Optimization Impact Third-party Library Detection for Android Applications? Research Papers Zifan Xie Huazhong University of Science and Technology, Ming Wen Huazhong University of Science and Technology, Tinghan Li Huazhong University of Science and Technology, Yiding Zhu Huazhong University of Science and Technology, Qinsheng Hou Shandong University; Qi An Xin Group Corp., Hai Jin Huazhong University of Science and Technology Media Attached | ||
13:45 15mTalk | MaskDroid: Robust Android Malware Detection with Masked Graph Representations Research Papers Jingnan Zheng National University of Singapore, Jiahao Liu National University of Singapore, An Zhang , Jun ZENG Huawei, Ziqi Yang Zhejiang University, Zhenkai Liang National University of Singapore, Tat-Seng Chua National University of Singapore | ||
14:00 15mTalk | A Longitudinal Analysis Of Replicas in the Wild Wild Android Research Papers Syeda Mashal Abbas Zaidi University of Waterloo, Shahpar Khan University of Waterloo, Parjanya Vyas University of Waterloo, Yousra Aafer University of Waterloo | ||
14:15 15mTalk | Android Malware Family Labeling: Perspectives from the Industry Industry Showcase Liu Wang Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology, Tao Zhang Macau University of Science and Technology, Haitao Xu Zhejiang University, Guozhu Meng Institute of Information Engineering, Chinese Academy of Sciences, Peiming Gao MYbank, Ant Group, Chen Wei MYbank, Ant Group, Yi Wang | ||
14:30 15mTalk | DexBERT: Effective, Task-Agnostic and Fine-grained Representation Learning of Android Bytecode Journal-first Papers Tiezhu Sun University of Luxembourg, Kevin Allix Independent Researcher, Kisub Kim Singapore Management University, Singapore, Xin Zhou Singapore Management University, Singapore, Dongsun Kim Korea University, David Lo Singapore Management University, Tegawendé F. Bissyandé University of Luxembourg, Jacques Klein University of Luxembourg | ||
14:45 15mTalk | Same App, Different Behaviors: Uncovering Device-specific Behaviors in Android Apps Industry Showcase Zikan Dong Beijing University of Posts and Telecommunications, Yanjie Zhao Huazhong University of Science and Technology, Tianming Liu Monash Univerisity, Chao Wang University of Southern California, Guosheng Xu Beijing University of Posts and Telecommunications, Guoai Xu Harbin Institute of Technology, Shenzhen, Lin Zhang The National Computer Emergency Response Team/Coordination Center of China (CNCERT/CC), Haoyu Wang Huazhong University of Science and Technology |