Same App, Different Behaviors: Uncovering Device-specific Behaviors in Android Apps

The Android ecosystem faces a notable challenge known as fragmentation, whichdenotes the extensive diversity within the system. This issue is mainly relatedto differences in system versions, device hardware specifications, andcustomizations introduced by manufacturers. The growing divergence amongdevices leads to marked variations in how a given app behaves across diversedevices. This is referred to as device-specific behaviors. In this work, wepresent the first large-scale empirical study of device-specific behaviors inreal-world Android apps. We have designed a three-phase static analysisframework to accurately detect and understand the device-specific behaviors.Upon employing our tool on a dataset comprising more than 20,000 apps, wedetected device-specific behaviors in 2,357 of them. By examining thedistribution of device-specific behaviors, our analysis revealed that appswithin the Chinese third-party app market exhibit more relevant behaviorscompared to their counterparts in Google Play. Additionally, these behaviorsare more likely to feature dominant brands that hold larger market shares.Reflecting this, we have classified these device-specific behaviors into 29categories based on implemented functionalities, providing structured insightinto these behaviors. Beyond common behaviors like issue fixes and featureadaptations, we observed 33 aggressive apps, including popular ones withmillions of downloads, abusing system properties of customized ROMs to obtainuser-unresettable identifiers without requiring permission, substantiallyimpacting user privacy. Finally, we investigated the origins of device-specificbehaviors, revealing significant challenges developers face in implementingthem comprehensively. Our research sheds light on the promising but lesstouched research direction of device-specific behaviors, benefiting communitystakeholders.