Characterizing Bugs in Login Processes of Android Applications: An Empirical Study

Zixu Zhou, Rufeng Chen, Junfeng Chen, Yepang Liu, Lili Wei

TL;DR

The paper tackles the problem of unreliable login processes in Android apps by conducting the first large-scale empirical study of login issues. It analyzes 361 issues from 44 popular open-source apps to identify root causes, symptoms, and trigger conditions, uncovering that most problems stem from improper handling of complex login state transitions. The authors propose a state-machine model of the login flow, demonstrate its utility for guiding targeted test cases and precise test oracles, and openly share a rich dataset to enable replication and further research. The work advances practical guidance for developers to model login processes and design tests that detect and prevent a broad spectrum of login failures, with implications for user experience and security. Overall, the study provides a rigorous framework and actionable artifacts to improve Android login reliability across diverse authentication methods and device environments.

Abstract

The login functionality, being the gateway to app usage, plays a critical role in both user experience and application security. As Android apps increasingly incorporate login functionalities, they support a variety of authentication methods with complicated login processes, catering to personalized user experiences. However, the complexities in managing different operations in login processes make it difficult for developers to handle them correctly. In this paper, we present the first empirical study of login issues in Android apps. We analyze 361 issues from 44 popular open-source Android repositories, examining the root causes, symptoms, and trigger conditions of these issues. Our findings indicate that the vast majority of the login issues are induced by the improper handling of complex state transitions during the login process, which can prevent users from logging in or misdirect them to incorrect subsequent actions. Additionally, we observed that issues related to this cause typically require the convergence of multiple trigger conditions to manifest. These findings can help developers to model the login processes, which can help them to identify the causes of issues and design targeted test cases and precise test oracles. Our dataset has been made openly available to facilitate future research in this area.

Paper Structure

This paper contains 49 sections, 4 figures, 4 tables.

Figures (4)

  • Figure 1: The process of dataset collection
  • Figure 2: State Machine for Login Process
  • Figure 3: Heatmap between Root Causes and Symptoms. Abbreviations: AMFB (Account Management Function Break), Crash (Crash), IEMD (Inaccurate Error Message Displayed), INF (Incorrect Navigation Flow), UIE (User Interface Error), CR (Credential Rejection), LDT (Login Delays or Timeout).
  • Figure 4: Heatmap between Trigger Conditions and Symptoms. Abbreviations: AMFB (Account Management Function Break), Crash (Crash), IEMD (Inaccurate Error Message Displayed), INF (Incorrect Navigation Flow), UIE (User Interface Error), CR (Credential Rejection), LDT (Login Delays or Timeout).