One of the most common strategies to develop new software is to take advantage of existing source code, which is available in comprehensive packages called third-party libraries. As for all software systems, even these libraries change to offer new functionalities and fix bugs or security issues. The way the changes are propagated has been studied by researchers, interested in understanding their impact on the non-functional attributes of the systems source code. While the research community mainly focused on the change propagation phenomenon in the context of traditional applications, only little is known regarding the mobile context. In this paper, we aim at bridging this gap by conducting an empirical study on the evolution history of 291 mobile apps, by investigating (i) whether mobile developers actually update third-party libraries, (ii) which are the categories of libraries with respect to the developers' proneness to update their apps, (iii) what are the common patterns followed by developers when updating a software library, and (iv) whether high- and low-rated apps present peculiar update patterns. The results of the study showed that mobile developers rarely update their apps with respect to the used libraries, and when they do, they mainly tend to update the libraries related to the Graphical User Interface, with the aim of keeping the mobile apps updated with the latest design tendencies. In some cases developers ignore updates because of a poor awareness of the benefits, or a too high cost/benefit ratio. Finally, high- and low-rated apps present strong differences.
This work was presented at the IEEE/ACM International Conference on Program Comprehension (ICPC), May, 2018, Gothenburg, Sweden.
Do Developers Update Third-Party Libraries in Mobile Apps?
1. ICPC 2018
International Conference on
Program Comprehension
UNIVERSITÀ
DEGLI STUDI
DI SALERNO
Do Developers Update Third-Party Libraries in Mobile Apps? May 28th, 2018
Do Developers Update
Third-Party Libraries in Mobile Apps?
Pasquale Salza1, Fabio Palomba2, Dario Di Nucci3, Cosmo D’Uva4, Andrea De Lucia4, Filomena Ferrucci4
1USI Università della Svizzera italiana, 2University of Zurich,
3Vrije Universiteit Brussel, 4University of Salerno
1
2. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Third-party libraries
Crucial for the development
of software
Save the effort related to
the implementation of
complex functions
Very popular for mobile
apps
2
3. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Libraries are software as well
Need to evolve
The updates aim at
making them more
stable and reliable
3
4. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Why is updating important?
Apps have an intense and
continuous release cycle
The user experience is
fundamental
Users are the very testers
and decide the success of
an app
4
Bavota et al., The impact of API Change- and Fault-Proness on the User Rating of Android Apps. IEEE
Transactions on Software Engineering, 2015
5. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Is it always worth updating?
The public API may
change and require
development effort before
being updated
Stability and reliability are
not truly guaranteed
5
6. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Goals
How much is common to update a
library?
Which category of libraries are
updated the most?
Is there any common behaviour
that developers have in updating
libraries?
Can a library update be related to
the success of an app?
6
7. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Large Empirical Study
291 Android open source apps
40,000 reviews
300,000 commits
275 unique libraries
7
8. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Mining Process
F-Droid
Git Cloner
Release Miner
Gradle Parser
Local
Git Repository
commit 1
commit n
commit 2
build.gradle
build.gradle
build.gradle
Remote
Git Repository
Remote
Dependencies
Repositories
Use
Dependencies
Release
Dependencies
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
8
9. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
F-Droid
Git Cloner
Releas
G
Remote
Git Repository
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
F-Droid parsing
9
10. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Git Cloner
Local
Git Repository
commit 1
commit n
commit 2
build.gradl
build.gradl
build.gradl
Remote
Git Repository
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Source code repository cloning
10
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
11. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Gradle Parser
ry
commit 1
commit n
commit 2
build.gradle
build.gradle
build.gradle
Use
Dependencies
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Gradle libraries parsing
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
21.0.3
22.0.0
22.1.0
22.1.1
22.2.0
22.2.1
23.0.0
23.0.1
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
Version
Type Use
11
12. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Git Cloner
Release Miner
Local
Git Repository
commit 1
commit n
commit 2
build.gradle
build.gradle
build.gradle
Remote
Dependencies
Repositories
Use
Dependencies
Release
Dependencies
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Dependencies mining
21.0.3
22.0.0
22.1.0
22.1.1
22.2.0
22.2.1
23.0.0
23.0.1
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
Version
Type Use
21.0.3
22.0.0
22.1.0
22.1.1
22.2.0
22.2.1
23.0.0
23.0.1
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
Version
Type Release Use
12
13. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
21.0.3
22.0.0
22.1.0
22.1.1
22.2.0
22.2.1
23.0.0
23.0.1
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
Version
Type Release Use
13
14. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Libraries popularity
The apps relies from 1 use
of third-party library to a
maximum of 35
The mean is about 4
libraries per app
14
15. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
RQ1
To what extent mobile
developers update the
version of the used third-
party libraries?
15
16. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
To update, or not to update
67% of libraries were used
but never updated during
the app development life
Only 2% of commits refers
to a version change
16
17. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Upgrade vs downgrade
Downgrades
25.95%
Upgrades
74.05%
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
17
18. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Upgrade vs downgrade
Downgrades
25.95%
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Anyone, any idea why the build
fails […] does maven need to be
updated too?!
18
19. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
RQ2
Which types of third-party
libraries are more and less
prone to be updated in
apps?
19
20. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Changed categories
Category Changes Upgrades Downgrades
Graphical User Interface 52.67% 75.12% 24.88%
Utilities 31.16% 73.43% 26.57%
HTTP 3.91% 63.33% 36.67%
Page Navigation 2.74% 57.14% 42.86%
JSON 1.96% 60.00% 40.00%
. . . . . . . . . . . .
Protocol Buffers 0.07% 100.00% 0.00%
Network 0.07% 100.00% 0.00%
Bug Fix 0.07% 100.00% 0.00%
Defect Detection 0.07% 100.00% 0.00%
Update com.android.recyclerview−v7
to get new fancy icons.
Update android.support to
have an environment
equivalent to the android
platform.
20
My 2 cents. This is an extreme
case, and it doesn't justify the
upgrade of the library.
21. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
RQ3
What types of update
patterns developers follow
when updating third-party
libraries?
21
22. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Open coding process
We distributed a total of 1126
library histories to 4 of the
authors (282 each)
22
23. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
5.0.1
5.1.0
5.1.1
5.1.2
6.0.0
6.1.0
7.0.0
7.0.1
8.0.0
2014-04-01
2014-05-01
2014-06-01
2014-07-01
2014-08-01
2014-09-01
2014-10-01
2014-11-01
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
2015-10-01
2015-11-01
2015-12-01
2016-01-01
2016-02-01
2016-03-01
2016-04-01
2016-05-01
Date
Version
Type Release UseDiligent
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
13%
23
24. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Diligent
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
!
!
!
13%
24
25. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
4.48
5.0
2013-11-01
2013-12-01
2014-01-01
2014-02-01
2014-03-01
2014-04-01
2014-05-01
2014-06-01
2014-07-01
2014-08-01
2014-09-01
2014-10-01
2014-11-01
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
2015-10-01
2015-11-01
2015-12-01
2016-01-01
2016-02-01
2016-03-01
2016-04-01
2016-05-01
2016-06-01
2016-07-01
2016-08-01
2016-09-01
Date
Version
Type Release UseIntroduced Once
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
9%
25
26. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Introduced Once
☠
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
9%
26
27. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.8.0
2.9.0
2.9.1
2.10.0
2.10.1
2.10.2
2.10.3
2.10.4
2.10.5
2.10.6
2.10.7
2.10.8
2.10.9
2.10.10
2.11.0
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
Version
Type Release UseJump Up
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
13%
27
28. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Jump Up
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
🕴
13%
28
29. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
19.0.0
19.0.1
19.1.0
20.0.0
21.0.0-rc1
21.0.0
21.0.2
21.0.3
22.0.0
22.1.0
22.1.1
22.2.0
22.2.1
23.0.0
2013-10-01
2013-11-01
2013-12-01
2014-01-01
2014-02-01
2014-03-01
2014-04-01
2014-05-01
2014-06-01
2014-07-01
2014-08-01
2014-09-01
2014-10-01
2014-11-01
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
Version
Type Release UseJump Down
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
<1%
29
30. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Jump Down
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
🕺
☂
<1%
30
31. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
21.0.3
22.0.0
22.1.0
22.1.1
22.2.0
22.2.1
23.0.0
23.0.1
2014-12-01
2015-01-01
2015-02-01
2015-03-01
2015-04-01
2015-05-01
2015-06-01
2015-07-01
2015-08-01
2015-09-01
Date
Version
Type Release UseBack and Forth
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
2%
31
32. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Back and Forth
May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
🏃
🏃
🏃
🏃
2%
32
33. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
RQ4
Are the update patterns
of high-rated and low-
rated apps different?
33
34. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
High and low rated apps
We classified the apps in two groups based on ratings
High rated: ≥ 3.5 ⭐
Low rated: < 3.5 ⭐
34
Khalid et al., What Do Mobile App Users Complain About? IEEE Software, 2015
35. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
High and low rated apps
Introduced Once
Diligent
Jump Up
Jump Down
Back and Forth
0% 25% 50% 75% 100%
21%
34%
78%
89%
30%
79%
66%
22%
11%
70%
Low High
35
36. May 28th, 2018Do Developers Update Third-Party Libraries in Mobile Apps?
ICPC 2018
Future directions
Extend the study to closed
source apps
Automatic upgrade suggestions
to avoid useless changes
Effort estimation in updating
libraries
36