Characterizing and Finding System Setting-Related Defects in Android Apps

Android, the most popular mobile system, offers a number of user-configurable system settings (e.g., network, location, and permission) for controlling devices and apps. Even popular, well-tested apps may fail to properly adapt their behaviors to diverse setting changes, thus frustrating their users...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on software engineering 2023-04, Vol.49 (4), p.1-23
Main Authors: Sun, Jingling, Su, Ting, Liu, Kai, Peng, Chao, Zhang, Zhao, Pu, Geguang, Xie, Tao, Su, Zhendong
Format: Article
Language:English
Subjects:
Airplanes
android apps
Applications programs
Automation
Codes
Correlation
Defects
Dynamic tests
Empirical analysis
Empirical study
Graphical user interfaces
GUI testing
Software development management
Static analysis
system settings
Testing
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites cdi_FETCH-LOGICAL-c245t-ce7f0860fdd5e985113c8261921b9b592f14e92cbf79c2d9d14bdcff16d731893
container_end_page 23
container_issue 4
container_start_page 1
container_title IEEE transactions on software engineering
container_volume 49
creator Sun, Jingling
Su, Ting
Liu, Kai
Peng, Chao
Zhang, Zhao
Pu, Geguang
Xie, Tao
Su, Zhendong
description Android, the most popular mobile system, offers a number of user-configurable system settings (e.g., network, location, and permission) for controlling devices and apps. Even popular, well-tested apps may fail to properly adapt their behaviors to diverse setting changes, thus frustrating their users. However, there exists no effort to systematically investigate such defects. To this end, we conduct the first large-scale empirical study to understand and characterize these system setting-related defects (in short as "setting defects"), which reside in apps and are triggered by system setting changes . We devote substantial manual effort ( over four person-months ) to analyze 1,074 setting defects from 180 popular apps on GitHub. We investigate the impact, root causes, and consequences of these setting defects and their correlations. We find that (1) setting defects have a wide impact on apps' correctness with diverse root causes, (2) the majority of these defects (\approx70.7%) cause non-crashing (logic) failures, and (3) some correlations exist between the setting categories, root causes, and consequences. Motivated and informed by these findings, we propose two bug-finding techniques that can synergistically detect setting defects from both the GUI and code levels. Specifically, at the GUI level, we design and introduce setting-wise metamorphic fuzzing , the first automated dynamic testing technique to detect setting defects (causing crash and non-crashing failures, respectively) for Android apps. We implement this technique as an end-to-end, automated GUI testing tool named SetDroid . At the code level, we distill two major fault patterns and implement a static analysis tool named SetChecker to identify potential setting defects. We evaluate SetDroid and SetChecker on 26 popular, open-source Android apps, and they find 48 unique, previously-unknown setting defects. To date, 35 have been confirmed and 21 have been fixed by app developers. We also apply SetDroid and SetChecker on five highly popular industrial apps, namely WeChat, QQMail, TikTok, CapCut, and AlipayHK, all of which each have billions of monthly active users. SetDroid successfully detects 17 previously unknown setting defects in these apps' latest releases, and all defects have been confirmed and fixed by the app vendors. After that, we collaborate with ByteDance and deploy these two bug-finding techniques internally to s
doi_str_mv 10.1109/TSE.2023.3236449
format article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1109_TSE_2023_3236449</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10064083</ieee_id><sourcerecordid>2803047482</sourcerecordid><originalsourceid>FETCH-LOGICAL-c245t-ce7f0860fdd5e985113c8261921b9b592f14e92cbf79c2d9d14bdcff16d731893</originalsourceid><addsrcrecordid>eNpNkD1PwzAQhi0EEqWwMzBEYk45fyX2WJUWKlVComW2EvsMqdok2O5Qfj2pysB070nPeyc9hNxTmFAK-mmznk8YMD7hjBdC6AsyoprrnEsGl2QEoFUupdLX5CbGLQDIspQjspx9VaGyCUPz07SfWdW6bNG07pTXx5hwn60xpWHN33FXJXTZM3q0KWZNm01bF7rGZdO-j7fkyle7iHd_c0w-FvPN7DVfvb0sZ9NVbpmQKbdYelAFeOckaiUp5VaxgmpGa11LzTwVqJmtfaktc9pRUTvrPS1cyanSfEwez3f70H0fMCaz7Q6hHV4apoCDKIViAwVnyoYuxoDe9KHZV-FoKJiTMDMIMydh5k_YUHk4VxpE_IdDIUBx_gsWr2Yl</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2803047482</pqid></control><display><type>article</type><title>Characterizing and Finding System Setting-Related Defects in Android Apps</title><source>IEEE Electronic Library (IEL) Journals</source><creator>Sun, Jingling ; Su, Ting ; Liu, Kai ; Peng, Chao ; Zhang, Zhao ; Pu, Geguang ; Xie, Tao ; Su, Zhendong</creator><creatorcontrib>Sun, Jingling ; Su, Ting ; Liu, Kai ; Peng, Chao ; Zhang, Zhao ; Pu, Geguang ; Xie, Tao ; Su, Zhendong</creatorcontrib><description>Android, the most popular mobile system, offers a number of user-configurable system settings (e.g., network, location, and permission) for controlling devices and apps. Even popular, well-tested apps may fail to properly adapt their behaviors to diverse setting changes, thus frustrating their users. However, there exists no effort to systematically investigate such defects. To this end, we conduct the first large-scale empirical study to understand and characterize these system setting-related defects (in short as "setting defects"), which reside in apps and are triggered by system setting changes . We devote substantial manual effort ( over four person-months ) to analyze 1,074 setting defects from 180 popular apps on GitHub. We investigate the impact, root causes, and consequences of these setting defects and their correlations. We find that (1) setting defects have a wide impact on apps' correctness with diverse root causes, (2) the majority of these defects (&lt;inline-formula&gt;&lt;tex-math notation="LaTeX"&gt;\approx&lt;/tex-math&gt;&lt;/inline-formula&gt;70.7%) cause non-crashing (logic) failures, and (3) some correlations exist between the setting categories, root causes, and consequences. Motivated and informed by these findings, we propose two bug-finding techniques that can synergistically detect setting defects from both the GUI and code levels. Specifically, at the GUI level, we design and introduce setting-wise metamorphic fuzzing , the first automated dynamic testing technique to detect setting defects (causing crash and non-crashing failures, respectively) for Android apps. We implement this technique as an end-to-end, automated GUI testing tool named SetDroid . At the code level, we distill two major fault patterns and implement a static analysis tool named SetChecker to identify potential setting defects. We evaluate SetDroid and SetChecker on 26 popular, open-source Android apps, and they find 48 unique, previously-unknown setting defects. To date, 35 have been confirmed and 21 have been fixed by app developers. We also apply SetDroid and SetChecker on five highly popular industrial apps, namely WeChat, QQMail, TikTok, CapCut, and AlipayHK, all of which each have billions of monthly active users. SetDroid successfully detects 17 previously unknown setting defects in these apps' latest releases, and all defects have been confirmed and fixed by the app vendors. After that, we collaborate with ByteDance and deploy these two bug-finding techniques internally to stress-test TikTok, one of its major app products. Within a two-month testing campaign, SetDroid successfully finds 53 setting defects, and SetChecker finds 22 ones. So far, 59 have been confirmed and 31 have been fixed. All these defects escaped from prior developer testing. By now, SetDroid has been integrated into ByteDance's official app testing infrastructure named FastBot for daily testing. These results demonstrate the strong effectiveness and practicality of our proposed techniques.</description><identifier>ISSN: 0098-5589</identifier><identifier>EISSN: 1939-3520</identifier><identifier>DOI: 10.1109/TSE.2023.3236449</identifier><identifier>CODEN: IESEDJ</identifier><language>eng</language><publisher>New York: IEEE</publisher><subject>Airplanes ; android apps ; Applications programs ; Automation ; Codes ; Correlation ; Defects ; Dynamic tests ; Empirical analysis ; Empirical study ; Graphical user interfaces ; GUI testing ; Software development management ; Static analysis ; system settings ; Testing</subject><ispartof>IEEE transactions on software engineering, 2023-04, Vol.49 (4), p.1-23</ispartof><rights>Copyright IEEE Computer Society 2023</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c245t-ce7f0860fdd5e985113c8261921b9b592f14e92cbf79c2d9d14bdcff16d731893</cites><orcidid>0000-0002-8437-0687 ; 0000-0001-9750-8334 ; 0000-0002-2970-1391 ; 0000-0003-1628-9796 ; 0000-0002-6090-4461 ; 0000-0003-2843-0689</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10064083$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,776,780,27903,27904,54774</link.rule.ids></links><search><creatorcontrib>Sun, Jingling</creatorcontrib><creatorcontrib>Su, Ting</creatorcontrib><creatorcontrib>Liu, Kai</creatorcontrib><creatorcontrib>Peng, Chao</creatorcontrib><creatorcontrib>Zhang, Zhao</creatorcontrib><creatorcontrib>Pu, Geguang</creatorcontrib><creatorcontrib>Xie, Tao</creatorcontrib><creatorcontrib>Su, Zhendong</creatorcontrib><title>Characterizing and Finding System Setting-Related Defects in Android Apps</title><title>IEEE transactions on software engineering</title><addtitle>TSE</addtitle><description>Android, the most popular mobile system, offers a number of user-configurable system settings (e.g., network, location, and permission) for controlling devices and apps. Even popular, well-tested apps may fail to properly adapt their behaviors to diverse setting changes, thus frustrating their users. However, there exists no effort to systematically investigate such defects. To this end, we conduct the first large-scale empirical study to understand and characterize these system setting-related defects (in short as "setting defects"), which reside in apps and are triggered by system setting changes . We devote substantial manual effort ( over four person-months ) to analyze 1,074 setting defects from 180 popular apps on GitHub. We investigate the impact, root causes, and consequences of these setting defects and their correlations. We find that (1) setting defects have a wide impact on apps' correctness with diverse root causes, (2) the majority of these defects (&lt;inline-formula&gt;&lt;tex-math notation="LaTeX"&gt;\approx&lt;/tex-math&gt;&lt;/inline-formula&gt;70.7%) cause non-crashing (logic) failures, and (3) some correlations exist between the setting categories, root causes, and consequences. Motivated and informed by these findings, we propose two bug-finding techniques that can synergistically detect setting defects from both the GUI and code levels. Specifically, at the GUI level, we design and introduce setting-wise metamorphic fuzzing , the first automated dynamic testing technique to detect setting defects (causing crash and non-crashing failures, respectively) for Android apps. We implement this technique as an end-to-end, automated GUI testing tool named SetDroid . At the code level, we distill two major fault patterns and implement a static analysis tool named SetChecker to identify potential setting defects. We evaluate SetDroid and SetChecker on 26 popular, open-source Android apps, and they find 48 unique, previously-unknown setting defects. To date, 35 have been confirmed and 21 have been fixed by app developers. We also apply SetDroid and SetChecker on five highly popular industrial apps, namely WeChat, QQMail, TikTok, CapCut, and AlipayHK, all of which each have billions of monthly active users. SetDroid successfully detects 17 previously unknown setting defects in these apps' latest releases, and all defects have been confirmed and fixed by the app vendors. After that, we collaborate with ByteDance and deploy these two bug-finding techniques internally to stress-test TikTok, one of its major app products. Within a two-month testing campaign, SetDroid successfully finds 53 setting defects, and SetChecker finds 22 ones. So far, 59 have been confirmed and 31 have been fixed. All these defects escaped from prior developer testing. By now, SetDroid has been integrated into ByteDance's official app testing infrastructure named FastBot for daily testing. These results demonstrate the strong effectiveness and practicality of our proposed techniques.</description><subject>Airplanes</subject><subject>android apps</subject><subject>Applications programs</subject><subject>Automation</subject><subject>Codes</subject><subject>Correlation</subject><subject>Defects</subject><subject>Dynamic tests</subject><subject>Empirical analysis</subject><subject>Empirical study</subject><subject>Graphical user interfaces</subject><subject>GUI testing</subject><subject>Software development management</subject><subject>Static analysis</subject><subject>system settings</subject><subject>Testing</subject><issn>0098-5589</issn><issn>1939-3520</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><recordid>eNpNkD1PwzAQhi0EEqWwMzBEYk45fyX2WJUWKlVComW2EvsMqdok2O5Qfj2pysB070nPeyc9hNxTmFAK-mmznk8YMD7hjBdC6AsyoprrnEsGl2QEoFUupdLX5CbGLQDIspQjspx9VaGyCUPz07SfWdW6bNG07pTXx5hwn60xpWHN33FXJXTZM3q0KWZNm01bF7rGZdO-j7fkyle7iHd_c0w-FvPN7DVfvb0sZ9NVbpmQKbdYelAFeOckaiUp5VaxgmpGa11LzTwVqJmtfaktc9pRUTvrPS1cyanSfEwez3f70H0fMCaz7Q6hHV4apoCDKIViAwVnyoYuxoDe9KHZV-FoKJiTMDMIMydh5k_YUHk4VxpE_IdDIUBx_gsWr2Yl</recordid><startdate>20230401</startdate><enddate>20230401</enddate><creator>Sun, Jingling</creator><creator>Su, Ting</creator><creator>Liu, Kai</creator><creator>Peng, Chao</creator><creator>Zhang, Zhao</creator><creator>Pu, Geguang</creator><creator>Xie, Tao</creator><creator>Su, Zhendong</creator><general>IEEE</general><general>IEEE Computer Society</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>JQ2</scope><scope>K9.</scope><orcidid>https://orcid.org/0000-0002-8437-0687</orcidid><orcidid>https://orcid.org/0000-0001-9750-8334</orcidid><orcidid>https://orcid.org/0000-0002-2970-1391</orcidid><orcidid>https://orcid.org/0000-0003-1628-9796</orcidid><orcidid>https://orcid.org/0000-0002-6090-4461</orcidid><orcidid>https://orcid.org/0000-0003-2843-0689</orcidid></search><sort><creationdate>20230401</creationdate><title>Characterizing and Finding System Setting-Related Defects in Android Apps</title><author>Sun, Jingling ; Su, Ting ; Liu, Kai ; Peng, Chao ; Zhang, Zhao ; Pu, Geguang ; Xie, Tao ; Su, Zhendong</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c245t-ce7f0860fdd5e985113c8261921b9b592f14e92cbf79c2d9d14bdcff16d731893</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Airplanes</topic><topic>android apps</topic><topic>Applications programs</topic><topic>Automation</topic><topic>Codes</topic><topic>Correlation</topic><topic>Defects</topic><topic>Dynamic tests</topic><topic>Empirical analysis</topic><topic>Empirical study</topic><topic>Graphical user interfaces</topic><topic>GUI testing</topic><topic>Software development management</topic><topic>Static analysis</topic><topic>system settings</topic><topic>Testing</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Sun, Jingling</creatorcontrib><creatorcontrib>Su, Ting</creatorcontrib><creatorcontrib>Liu, Kai</creatorcontrib><creatorcontrib>Peng, Chao</creatorcontrib><creatorcontrib>Zhang, Zhao</creatorcontrib><creatorcontrib>Pu, Geguang</creatorcontrib><creatorcontrib>Xie, Tao</creatorcontrib><creatorcontrib>Su, Zhendong</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Health &amp; Medical Complete (Alumni)</collection><jtitle>IEEE transactions on software engineering</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Sun, Jingling</au><au>Su, Ting</au><au>Liu, Kai</au><au>Peng, Chao</au><au>Zhang, Zhao</au><au>Pu, Geguang</au><au>Xie, Tao</au><au>Su, Zhendong</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Characterizing and Finding System Setting-Related Defects in Android Apps</atitle><jtitle>IEEE transactions on software engineering</jtitle><stitle>TSE</stitle><date>2023-04-01</date><risdate>2023</risdate><volume>49</volume><issue>4</issue><spage>1</spage><epage>23</epage><pages>1-23</pages><issn>0098-5589</issn><eissn>1939-3520</eissn><coden>IESEDJ</coden><abstract>Android, the most popular mobile system, offers a number of user-configurable system settings (e.g., network, location, and permission) for controlling devices and apps. Even popular, well-tested apps may fail to properly adapt their behaviors to diverse setting changes, thus frustrating their users. However, there exists no effort to systematically investigate such defects. To this end, we conduct the first large-scale empirical study to understand and characterize these system setting-related defects (in short as "setting defects"), which reside in apps and are triggered by system setting changes . We devote substantial manual effort ( over four person-months ) to analyze 1,074 setting defects from 180 popular apps on GitHub. We investigate the impact, root causes, and consequences of these setting defects and their correlations. We find that (1) setting defects have a wide impact on apps' correctness with diverse root causes, (2) the majority of these defects (&lt;inline-formula&gt;&lt;tex-math notation="LaTeX"&gt;\approx&lt;/tex-math&gt;&lt;/inline-formula&gt;70.7%) cause non-crashing (logic) failures, and (3) some correlations exist between the setting categories, root causes, and consequences. Motivated and informed by these findings, we propose two bug-finding techniques that can synergistically detect setting defects from both the GUI and code levels. Specifically, at the GUI level, we design and introduce setting-wise metamorphic fuzzing , the first automated dynamic testing technique to detect setting defects (causing crash and non-crashing failures, respectively) for Android apps. We implement this technique as an end-to-end, automated GUI testing tool named SetDroid . At the code level, we distill two major fault patterns and implement a static analysis tool named SetChecker to identify potential setting defects. We evaluate SetDroid and SetChecker on 26 popular, open-source Android apps, and they find 48 unique, previously-unknown setting defects. To date, 35 have been confirmed and 21 have been fixed by app developers. We also apply SetDroid and SetChecker on five highly popular industrial apps, namely WeChat, QQMail, TikTok, CapCut, and AlipayHK, all of which each have billions of monthly active users. SetDroid successfully detects 17 previously unknown setting defects in these apps' latest releases, and all defects have been confirmed and fixed by the app vendors. After that, we collaborate with ByteDance and deploy these two bug-finding techniques internally to stress-test TikTok, one of its major app products. Within a two-month testing campaign, SetDroid successfully finds 53 setting defects, and SetChecker finds 22 ones. So far, 59 have been confirmed and 31 have been fixed. All these defects escaped from prior developer testing. By now, SetDroid has been integrated into ByteDance's official app testing infrastructure named FastBot for daily testing. These results demonstrate the strong effectiveness and practicality of our proposed techniques.</abstract><cop>New York</cop><pub>IEEE</pub><doi>10.1109/TSE.2023.3236449</doi><tpages>23</tpages><orcidid>https://orcid.org/0000-0002-8437-0687</orcidid><orcidid>https://orcid.org/0000-0001-9750-8334</orcidid><orcidid>https://orcid.org/0000-0002-2970-1391</orcidid><orcidid>https://orcid.org/0000-0003-1628-9796</orcidid><orcidid>https://orcid.org/0000-0002-6090-4461</orcidid><orcidid>https://orcid.org/0000-0003-2843-0689</orcidid></addata></record>
fulltext fulltext
identifier ISSN: 0098-5589
ispartof IEEE transactions on software engineering, 2023-04, Vol.49 (4), p.1-23
issn 0098-5589
1939-3520
language eng
recordid cdi_crossref_primary_10_1109_TSE_2023_3236449
source IEEE Electronic Library (IEL) Journals
subjects Airplanes
android apps
Applications programs
Automation
Codes
Correlation
Defects
Dynamic tests
Empirical analysis
Empirical study
Graphical user interfaces
GUI testing
Software development management
Static analysis
system settings
Testing
title Characterizing and Finding System Setting-Related Defects in Android Apps
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-27T18%3A10%3A25IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Characterizing%20and%20Finding%20System%20Setting-Related%20Defects%20in%20Android%20Apps&rft.jtitle=IEEE%20transactions%20on%20software%20engineering&rft.au=Sun,%20Jingling&rft.date=2023-04-01&rft.volume=49&rft.issue=4&rft.spage=1&rft.epage=23&rft.pages=1-23&rft.issn=0098-5589&rft.eissn=1939-3520&rft.coden=IESEDJ&rft_id=info:doi/10.1109/TSE.2023.3236449&rft_dat=%3Cproquest_cross%3E2803047482%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c245t-ce7f0860fdd5e985113c8261921b9b592f14e92cbf79c2d9d14bdcff16d731893%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2803047482&rft_id=info:pmid/&rft_ieee_id=10064083&rfr_iscdi=true