MoonlightBox: mining Android API histories for uncovering release-time inconsistencies

Li Li, Tegawende Bissyande, Jacques Klein

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

7 Citations (Scopus)


In most of the approaches aiming at investigating Android apps, the release time of apps is not appropriately taken into account. Through three empirical studies, we demonstrate that the app release time is key for guaranteeing performance. Indeed, not considering time may result in serious threats to the validity of proposed approaches. Unfortunately, even approaches considering time could present some threats to validity when release times are erroneous. Symptoms of such erroneous release times appear in the form of inconsistencies with the APIs leveraged by the app. We present a tool called MoonlightBox for uncovering time inconsistencies by inferring the lower bound assembly time of a given app based on the used API lifetime information: any assembly time below this lower bound is considered as manipulated. We further perform several experiments and confirm that 1) over 7% of Android apps are subject to time inconsistency, 2) malicious apps are more likely to be targeted by time inconsistency, compared to benign apps, 3) time inconsistencies are favoured by some specific app lineages. We eventually revisit the three motivating empirical studies, leveraging MoonlightBox to compute a more realistic timeline of apps. The experimental results confirm that time indeed matters. The accuracy of release time is even crucial to achieve precise results.

Original languageEnglish
Title of host publicationProceedings - 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018
Subtitle of host publication15–18 October 2018 Memphis, Tennessee, USA
EditorsSudipto Ghosh, Roberto Natella, Bojan Cukic, Robin Poston, Nuno Laranjeiro
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages12
ISBN (Electronic)9781538683217
ISBN (Print)9781538683224
Publication statusPublished - 2018
EventInternational Symposium on Software Reliability Engineering 2018 - Memphis, United States of America
Duration: 15 Oct 201818 Oct 2018
Conference number: 29th


ConferenceInternational Symposium on Software Reliability Engineering 2018
Abbreviated titleISSRE 2018
CountryUnited States of America
Internet address


  • Android
  • API History
  • MoonlightBox
  • Release time Inconsistency

Cite this