Towards Understanding Android APIs: Official Lists, Vendor Customizations, and Real-World Usage

A team of six researchers has published a groundbreaking study revealing fundamental flaws in how Android app research is conducted. Their paper, 'Towards Understanding Android APIs: Official Lists, Vendor Customizations, and Real-World Usage,' presents the first in-depth empirical analysis of the four official Android API Lists (AALs) that researchers rely on as ground truth. By systematically comparing these lists across Android releases, the team discovered they are neither stable over time nor mutually consistent. These discrepancies directly lead to substantially different research outcomes, raising serious concerns about the validity and reproducibility of countless prior studies in Android security, performance, and compatibility.

The researchers quantified the real-world impact by analyzing API availability on nine different Android devices (including stock and vendor-customized systems like those from Samsung or Xiaomi) and examining API usage in 17,759 real-world apps, including open-source projects, commercial apps, and malware. A critical finding is that vendor-customized APIs are actively used by normal applications, yet remain almost entirely overlooked by the academic community. This creates a blind spot in understanding the true Android ecosystem. The study concludes that the choice of which AAL to use is not neutral and can skew research conclusions. The authors provide actionable suggestions to help future researchers select and interpret API lists more reliably, aiming to improve the rigor of Android software engineering research.