Negative results on mining crypto-API usage rules in Android apps

Jun Gao, Pingfan Kong, Li Li, Tegawende F. Bissyande, Jacques Klein

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

26 Citations (Scopus)


Android app developers recurrently use crypto-APIs to provide data security to app users. Unfortunately, misuse of APIs only creates an illusion of security and even exposes apps to systematic attacks. It is thus necessary to provide developers with a statically-enforceable list of specifications of crypto-API usage rules. On the one hand, such rules cannot be manually written as the process does not scale to all available APIs. On the other hand, a classical mining approach based on common usage patterns is not relevant in Android, given that a large share of usages include mistakes. In this work, building on the assumption that 'developers update API usage instances to fix misuses', we propose to mine a large dataset of updates within about 40 000 real-world app lineages to infer API usage rules. Eventually, our investigations yield negative results on our assumption that API usage updates tend to correct misuses. Actually, it appears that updates that fix misuses may be unintentional: the same misuses patterns are quickly re-introduced by subsequent updates.

Original languageEnglish
Title of host publicationProceedings - 2019 IEEE/ACM 16th International Conference on Mining Software Repositories, MSR 2019
EditorsBram Adams, Sonia Haiduc
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages11
ISBN (Electronic)9781728134123
ISBN (Print)9781728133706
Publication statusPublished - 2019
EventIEEE International Working Conference on Mining Software Repositories 2019 - Montreal, Canada
Duration: 26 May 201927 May 2019
Conference number: 16th (Proceedings)


ConferenceIEEE International Working Conference on Mining Software Repositories 2019
Abbreviated titleMSR 2019
Internet address


  • Android
  • Cryptography
  • Rule mining

Cite this