A Systematical Study on Application Performance Management Libraries for Apps

TL;DR

This paper systematically analyzes 25 Android APM libraries, revealing their usage patterns, common misuses, and privacy risks through a large-scale empirical study involving 500,000 apps, and introduces the APMHunter framework.

Contribution

It provides the first comprehensive analysis of Android APM libraries, identifying misuse patterns and privacy issues, and offers a framework for exploring APM usage in apps.

Findings

Some APMs use deprecated permissions, reducing effectiveness.

Inappropriate APM use can lead to privacy leaks.

Many apps still employ outdated APM practices.

Abstract

Being able to automatically detect the performance issues in apps can significantly improve apps' quality as well as having a positive influence on user satisfaction. Application Performance Management (APM) libraries are used to locate the apps' performance bottleneck, monitor their behaviors at runtime, and identify potential security risks. Although app developers have been exploiting application performance management (APM) tools to capture these potential performance issues, most of them do not fully understand the internals of these APM tools and the effect on their apps. To fill this gap, in this paper, we conduct the first systematic study on APMs for apps by scrutinizing 25 widely-used APMs for Android apps and develop a framework named APMHunter for exploring the usage of APMs in Android apps. Using APMHunter, we conduct a large-scale empirical study on 500,000 Android apps to explore the usage patterns of APMs and discover the potential misuses of APMs. We obtain two major findings: 1) some APMs still employ deprecated permissions and approaches, which makes APMs fail to perform as expected; 2) inappropriate use of APMs can cause privacy leaks. Thus, our study suggests that both APM vendors and developers should design and use APMs scrupulously.