Same App, Different Behaviors: Uncovering Device-specific Behaviors in Android Apps

The Android ecosystem faces a notable challenge known as fragmentation, which denotes the extensive diversity within the system. This issue is mainly related to differences in system versions, device hardware specifications, and customizations introduced by manufacturers. The growing divergence among devices leads to marked variations in how a given app behaves across diverse devices. This is referred to as device-specific behaviors. In this work, we present the first large-scale empirical study of device-specific behaviors in real-world Android apps. We have designed a three-phase static analysis framework to accurately detect and understand the device-specific behaviors. Upon employing our tool on a dataset comprising more than 20,000 apps, we detected device-specific behaviors in 2,357 of them. By examining the distribution of device-specific behaviors, our analysis revealed that apps within the Chinese third-party app market exhibit more relevant behaviors compared to their counterparts in Google Play. Additionally, these behaviors are more likely to feature dominant brands that hold larger market shares. Reflecting this, we have classified these device-specific behaviors into 29 categories based on implemented functionalities, providing structured insight into these behaviors. Beyond common behaviors like issue fixes and feature adaptations, we observed 33 aggressive apps, including popular ones with millions of downloads, abusing system properties of customized ROMs to obtain user-unresettable identifiers without requiring permission, substantially impacting user privacy. Finally, we investigated the origins of device-specific behaviors, revealing significant challenges developers face in implementing them comprehensively. Our research sheds light on the promising but less touched research direction of device-specific behaviors, benefiting community stakeholders.