Glucosio / glucosio-android

Glucosio Android App
GNU General Public License v3.0

Incompatible SDK API use which may cause crash to your APP #403

Open jay2013 opened 6 years ago

jay2013 commented 6 years ago

Hi Glucosio-android Developers, I develop a tool to detect incompatible SDK API use in Android applications. Today I used my tool to check Glucosio-android downloaded from F-Droid. My tool reports many bugs. Although I believe most of them are real bugs, I cannot be 100% sure because I am not very familiar with Android development. So please help to check it; it must be very helpful to your app.

The attachment below is the bug report that my tool gives. Please help to double-check! I also really hope to get your feedback. Thank you!

[Supplementary explanation] There are two types of bug in total in the report. The first one is like this: "API called in method not in [list]". The list here is SDK levels; it means your app running under these SDK versions cannot call the API because there is no such API in these SDK levels. Type two is like "API called in method no living level"; it means your application can never reach this API use, so if these API uses are not in an external library, you can remove them from your own code.

APIs or methods in our report are given in signature format like "<declaringType: returnType methodName(paramTypeList)>".

And finally, the reachable path is actually one possible call stack. It always starts from dummyMainMethod, which is created by our tool. So you should read it from bottom to top.

Yes, many of these bugs seem to be in third-library code. But they do cause problems in your app. Some third-library APIs say that they can only be run at a specific SDK level by using "@TargetApi(Build.VERSION_CODES.N)"; however, application code tends to ignore this warning.

Donejie He hedongjie@ict.ac.cn

org.glucosio.android_38.apk.report.txt

emartynov commented 6 years ago

Hey Donejie,

Thank you for the effort and sharing! Do you have an explanation of how to read the report? F-Droid is a super old version as well.

Kind Regards, Eugen

jay2013 commented 6 years ago

Hi Eugen, I will explain the bug format by using the following example:

    BUG: <android.widget.ImageButton: void setOutlineProvider(android.view.ViewOutlineProvider)> called in <com.github.clans.fab.FloatingActionButton: android.graphics.drawable.Drawable l()><-1, -1> not in [16, 17, 18, 19]
    reachable path:
    --><com.github.clans.fab.FloatingActionButton: android.graphics.drawable.Drawable l()>
    --><com.github.clans.fab.FloatingActionButton: void c()>
    --><com.github.clans.fab.FloatingActionButton: void setElevation(float)>
    --><dummyMainClass: void dummyMainMethod(java.lang.String[])>

It means that method "setOutlineProvider" in class "android.widget.ImageButton", called in <com.github.clans.fab.FloatingActionButton: android.graphics.drawable.Drawable l()>, is actually missing in SDK levels 16 - 19. One possible path is that you call "<com.github.clans.fab.FloatingActionButton: void setElevation(float)>", and in this method it calls "<com.github.clans.fab.FloatingActionButton: void c()>", and then calls "<com.github.clans.fab.FloatingActionButton: android.graphics.drawable.Drawable l()>", and finally calls "<android.widget.ImageButton: void setOutlineProvider(android.view.ViewOutlineProvider)>".

Yes, all these method calls seem to be third-library API calls, but they do affect your app. Some method names like 'l()' and 'void c()' may be caused by code confusing technology used by the third-library.

Best regards, Dongjie He
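
The entry format explained in the comments above, read mechanically in Python; this is an added example, not code from the thread, the reporting tool or the Glucosio project. It assumes every entry follows the layout of the single quoted example and that type-two entries carry "no living level" in the same position; `min_sdk` is a hypothetical input for the app's minimum SDK level.

```python
import re

# Constructed sample: the one entry quoted in the thread, one item per line.
SAMPLE = """\
BUG: <android.widget.ImageButton: void setOutlineProvider(android.view.ViewOutlineProvider)> called in <com.github.clans.fab.FloatingActionButton: android.graphics.drawable.Drawable l()><-1, -1> not in [16, 17, 18, 19]
reachable path:
--><com.github.clans.fab.FloatingActionButton: android.graphics.drawable.Drawable l()>
--><com.github.clans.fab.FloatingActionButton: void c()>
--><com.github.clans.fab.FloatingActionButton: void setElevation(float)>
--><dummyMainClass: void dummyMainMethod(java.lang.String[])>
"""

# "<declaringType: returnType methodName(paramTypeList)>"
SIG = re.compile(r"<(?P<cls>[^:]+): (?P<ret>\S+) (?P<name>[^(]+)\((?P<params>[^)]*)\)>")
# The "<-1, -1>" field is not explained in the thread, so it is skipped.
ENTRY = re.compile(r"BUG: (<.+?\)>) called in (<.+?\)>)(?:<[-\d, ]+>)?\s+"
                   r"(?:not in \[([\d, ]*)\]|no living level)")
PATH = re.compile(r"-->(<.+?\)>)")

def parse_signature(sig):
    """Split one signature into class, return type, method name and parameter types."""
    parts = SIG.fullmatch(sig).groupdict()
    parts["params"] = [p.strip() for p in parts["params"].split(",") if p.strip()]
    return parts

def parse_report(text):
    """Return one dict per BUG entry; works on line-per-item or flattened text."""
    findings = []
    for chunk in re.split(r"(?=BUG: )", text):
        m = ENTRY.search(chunk)
        if not m:
            continue
        api, caller, levels = m.groups()
        findings.append({
            "api": parse_signature(api),
            "caller": parse_signature(caller),
            # Type one lists SDK levels lacking the API; type two has none.
            "missing_levels": [int(x) for x in levels.split(",")] if levels else [],
            "no_living_level": levels is None,
            # The report prints the stack innermost first; reverse it into call order.
            "call_order": PATH.findall(chunk)[::-1] + [api],
        })
    return findings

def levels_at_risk(finding, min_sdk):
    """SDK levels the app installs on (>= min_sdk, an assumed input) that lack the API."""
    return [lvl for lvl in finding["missing_levels"] if lvl >= min_sdk]
```

Sorting the parsed entries by `levels_at_risk` for the app's real minimum SDK level separates calls that can fail on supported devices from those that cannot.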