A Comparative Study of Full Apps and Lite Apps for Android
Yutian Tang, Xiaojiang Du
TL;DR
This study addresses the relationship between lite Android apps and their full versions, motivated by software bloat and the need for debloating-aware tooling. It assembles 260 lite-full app pairs and performs a multi-faceted analysis—non-code and code similarity, app descriptions, permission/privacy policy consistency, performance, and feature coverage—using tools like AAPT, SimiDroid, PScout, FlowDroid, and Diffuse/LDA. Key findings show substantial component reuse but inconsistent permission usage and privacy policy alignment in lite apps, widespread introduction of dangerous permissions and new privacy leaks, and mixed performance outcomes where only about a quarter of lite apps improve across all metrics. The results highlight practical implications for debloating practices, security auditing, and guidance for developers aiming to design effective lite apps and app bundles.
Abstract
App developers aim to create apps that cater to the needs of different types of users. This development approach, also known as the "one-size-fits-all" strategy, involves combining various functionalities into one app. However, this approach has drawbacks, such as lower conversion rates, slower download speeds, larger attack surfaces, and lower update rates. To address these issues, developers have created "lite" versions to attract new users and enhance the user experience. Despite this, no study has examined the relationship between lite and full apps. To fill this gap, we present a comparative study of lite apps, exploring the similarities and differences between lite and full apps from various perspectives. Our findings indicate that most existing lite apps fail to fulfill their intended goals (e.g., being smaller in size, downloading faster, and using less data). Our study also reveals the potential security risks associated with lite apps.
