Treffer: Demystifying Android non-SDK APIs: measurement and understanding.

During the Android app development, the SDK is essential, which provides rich APIs to facilitate the implementations of functionalities. However, in the Android framework, there still exist plenty of non-SDK APIs that are not well documented. These non-SDK APIs can be invoked through unconventional ways, such as Java reflection. On the other hand, these APIs are not stable and may be changed or even removed in future Android versions, providing no guarantee for compatibility. From Android 9 (API level 28), Google began to strictly restrict the use of non-SDK APIs, and the corresponding checking mechanism has been integrated into the Android OS. In this work, we systematically study the use and design of Android non-SDK APIs. Notably, we propose four research questions covering the restriction mechanism, the present usage status, malicious usage, and the API list evolution. To answer these questions, we conducted a large-scale measurement based on over 200K apps and the source code of three recent Android versions. As a result, a series of exciting and valuable findings are obtained. For example, Google's restriction is not strong enough and can still be bypassed. Besides, app developers use only a tiny part of non-SDK APIs. Our work provides new knowledge to the research community and can help researchers improve the Android API designs. [ABSTRACT FROM AUTHOR]

Copyright of ICSE: International Conference on Software Engineering is the property of Association for Computing Machinery and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)