Characterizing Bugs in Login Processes of Android Applications: An Empirical Study

TL;DR

This empirical study analyzes 361 login issues in Android apps, revealing that improper handling of complex state transitions often causes login failures and misdirections, providing insights for better testing and design.

Contribution

First empirical analysis of login issues in Android apps, identifying root causes and providing a dataset for future research.

Findings

Most login issues stem from improper handling of state transitions.

Issues often require multiple trigger conditions to manifest.

Findings aid in modeling login processes for improved testing.

Abstract

The login functionality, being the gateway to app usage, plays a critical role in both user experience and application security. As Android apps increasingly incorporate login functionalities, they support a variety of authentication methods with complicated login processes, catering to personalized user experiences. However, the complexities in managing different operations in login processes make it difficult for developers to handle them correctly. In this paper, we present the first empirical study of login issues in Android apps. We analyze 361 issues from 44 popular open-source Android repositories, examining the root causes, symptoms, and trigger conditions of these issues. Our findings indicate that the vast majority of the login issues are induced by the improper handling of complex state transitions during the login process, which can prevent users from logging in or misdirect them to incorrect subsequent actions. Additionally, we observed that issues related to this cause typically require the convergence of multiple trigger conditions to manifest. These findings can help developers to model the login processes which can help them to identify the causes of issues and design targeted test cases and precise test oracles. Our dataset has been made openly available to facilitate future research in this area.