API Compatibility Issues #13
Comments
|
Thank you for this feedback: it's very nice to have such analysis tools ! Thanks ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dear developers,
We have recently developed a state-of-the-art static analysis tool for uncovering API compatibility issues in Android apps. Applying this tool to open source apps on F-droid, we have exposed a few instances of compatibility issues and submitting them to development teams for a fix.
For your app, we have found that this project has accessed the following APIs which are available only on an API level higher than the declared minSdkVersion and which are accessed without proper protection. In other words, if those APIs get called at runtime, it will trigger a NoSuchMethodError and thus result in a crash of the running application.
<org.json.JSONObject: java.lang.Object wrap(java.lang.Object)>:[19,25]
<java.lang.String: boolean isEmpty()>:[9,25]
<org.json.JSONArray: void (java.lang.Object)>:[19,25]
Note that, because of the nature of the static analysis, we cannot confirm whether the flagged APIs would actually be called at runtime (e.g., unreachable code). However, we still believe that those APIs, which may cause compatibility issues, should not be accessed or at least be accessed with proper protections.
In addition to the aforementioned APIs (i.e., backward-compatibility), which could cause app crashes if accessed, we have also identified that this project has also accessed some APIs that have been removed from the latest public SDK, making the app possibly suffer from forward-compatibility issues.
<org.apache.http.HttpResponse: org.apache.http.StatusLine getStatusLine()>:[1,22]
<org.apache.http.params.BasicHttpParams: void ()>:[1,22]
<org.apache.http.HttpResponse: org.apache.http.HttpEntity getEntity()>:[1,22]
<java.lang.reflect.Array: java.lang.Object newInstance(java.lang.Class,int[])>:[1,8]
<org.apache.http.HttpMessage: org.apache.http.Header[] getAllHeaders()>:[1,22]
<android.net.http.AndroidHttpClient: org.apache.http.conn.ClientConnectionManager getConnectionManager()>:[1,22]
<org.apache.http.client.methods.HttpPost: void (java.lang.String)>:[1,22]
<org.apache.http.client.HttpClient: org.apache.http.HttpResponse execute(org.apache.http.client.methods.HttpUriRequest)>:[1,22]
<org.apache.http.Header: java.lang.String getValue()>:[1,22]
<org.apache.http.protocol.HttpContext: void setAttribute(java.lang.String,java.lang.Object)>:[1,22]
<android.net.http.AndroidHttpClient: android.net.http.AndroidHttpClient newInstance(java.lang.String)>:[8,22]
<org.apache.http.client.HttpClient: org.apache.http.conn.ClientConnectionManager getConnectionManager()>:[1,22]
<android.net.http.AndroidHttpClient: org.apache.http.HttpResponse execute(org.apache.http.client.methods.HttpUriRequest)>:[1,22]
<org.apache.http.client.methods.HttpGet: void (java.lang.String)>:[1,22]
<org.apache.http.HttpEntity: java.io.InputStream getContent()>:[1,22]
<org.apache.http.message.BasicNameValuePair: void (java.lang.String,java.lang.String)>:[1,22]
<android.net.http.AndroidHttpClient: void close()>:[8,22]
<org.apache.http.HttpMessage: org.apache.http.Header[] getHeaders(java.lang.String)>:[1,22]
<org.apache.http.client.methods.HttpEntityEnclosingRequestBase: void setEntity(org.apache.http.HttpEntity)>:[1,22]
<org.apache.http.conn.ClientConnectionManager: void shutdown()>:[1,22]
<org.apache.http.impl.client.DefaultHttpClient: void (org.apache.http.params.HttpParams)>:[1,22]
<org.apache.http.protocol.BasicHttpContext: void ()>:[1,22]
<org.apache.http.client.entity.UrlEncodedFormEntity: void (java.util.List,java.lang.String)>:[1,22]
<org.apache.http.impl.client.BasicCookieStore: void ()>:[1,22]
We would be very much appreciated if you can acknowledge to us that those reported APIs are indeed problematic for the project’s long-term stability. please let us know if you need any more information relating to this issue report.
The text was updated successfully, but these errors were encountered: