Leave my Apps Alone! A Study on how Android Developers Access Installed Apps on User's DeviceBest Paper AwardTechnical Papers
To enable app interoperability, the Android platform exposes APIs that allow developers to query for the list of apps installed on a user’s device. These Installed Application Methods (IAMs) require no special authorization and it is known that information collected through these methods can be used to precisely deduce end-users interests and personal traits, thus raising privacy concerns.
In this paper we present a large-scale empirical study investigating the presence of IAMs in Android apps and their usage by Android developers. The study targets 14,342 free Android apps published in the Google Play Store and 7,886 open-source Android applications mined from GitHub. In our analysis, we first detect which apps employ IAMs. We then extracts information related to the fields accessed through these APIs. Finally, we check whether IAM calls are performed in the app’s own code or by an included third-party library. In addition to our analysis, we investigate whether developers are aware of the presence of IAMs in their apps by means of an online questionnaire.
Our results highlight that: (i) IAMs are widely used in commercial applications while their popularity is limited in open-source ones; (ii) in both open- and closed-source apps IAMs are mostly used in third-party libraries; (iii) more than one third of libraries that employ IAMs are advertisement libraries and roughly one other third are utility libraries; (iv) a small number of popular advertisement libraries account for over 33% of all usages of IAMs by third-party libraries; (v) developers are not always aware that their apps include IAMs calls, often introduced by enclosed third-party libraries.
Based on the collected data, we suggest some changes to the Android platform to deal with identified issues, provide recommendations to end-users and highlight directions for future research.
Tue 14 JulDisplayed time zone: (UTC) Coordinated Universal Time change
07:00 - 08:30 | Empirical Software EngineeringPaper Presentations / Technical Papers at MobileSoft Chair(s): Henry Muccini University of L'Aquila, Italy Virtualization chair: Ferdian Thung | ||
07:00 15m | Leave my Apps Alone! A Study on how Android Developers Access Installed Apps on User's DeviceBest Paper AwardTechnical Papers Technical Papers Gian Luca Scoccia University of L'Aquila, Ibrahim Kanj , Ivano Malavolta Vrije Universiteit Amsterdam, Kaveh Razavi ETH Zürich | ||
07:15 15m | Experimental Comparison of Features and Classifiers for Android Malware DetectionTechnical Papers Technical Papers Lwin Khin Shar Singapore Management University, Biniam Fisseha Demissie Fondazione Bruno Kessler, Mariano Ceccato University of Verona, Wei Minn Singapore Management University | ||
07:30 15m | Empirical Study on Code Smells in iOS ApplicationsTechnical Papers Technical Papers | ||
07:45 15m | Q&A - Empirical Software Engineering Paper Presentations | ||
08:00 30m | Discussion with Authors / Attendees Paper Presentations |