6 research outputs found
Determining and Detecting Permission Issues of Wearable Apps
Wearable apps are becoming increasingly popular. Nevertheless, to date, very few studies have examined the issues that wearable apps face. Prior studies showed that user reviews contain a plethora of insights that can be used to understand quality issues and help developers build better quality mobile apps.
Therefore, in this thesis, we start by empirically studying user reviews to understand the user complaints about wearable apps. We manually sample and categorize 2,667 reviews from 19 Android wearable apps. Additionally, we examine the replies posted by developers in response to user complaints. This study allows us to determine the type of complaints that developers care about the most and to identify problems that, despite being important to users, do not receive a proper response from developers.
We find that the most frequent complaints are related to Functional Errors, Cost, and Lack of Functionality, whereas the most negatively impacting complaints are related to Installation Problems, Device Compatibility, and Privacy & Ethical Issues. We find that developers mostly reply to complaints related to Privacy & Ethical Issues, Performance Issues, and notification-related issues. Furthermore, we observe that when developers reply, they tend to provide a solution, request more details, or let the user know that they are working on a solution. Our results highlight the issues that users face the most, and the issues to which developers should pay additional attention to due to their negative impact.
Based on these results from the first empirical study, we investigate the most negatively impactful complaints. We observe that mainly two permission problems are a common factor to raise issues that cause these complaints -namely the permission mismatch problem and the problem of superfluous features.
As a result, we propose a technique to detect permission problems in wearable app. To operationalize our technique we developed a tool, called Permlyzer, that automatically detects these two problems from Android APKs. We then perform an empirical study on of 2,724 free wearable apps. Our findings show that the permission mismatches exist in 6.1% of released apps on the app store. Moreover, we find that 19.2% of studded wearable apps contain superfluous features
Understanding the Helpfulness of Stale Bot for Pull-based Development: An Empirical Study of 20 Large Open-Source Projects
Pull Requests (PRs) that are neither progressed nor resolved clutter the list
of PRs, making it difficult for the maintainers to manage and prioritize
unresolved PRs. To automatically track, follow up, and close such inactive PRs,
Stale bot was introduced by GitHub. Despite its increasing adoption, there are
ongoing debates on whether using Stale bot alleviates or exacerbates the
problem of inactive PRs. To better understand if and how Stale bot helps
projects in their pull-based development workflow, we perform an empirical
study of 20 large and popular open-source projects. We find that Stale bot can
help deal with a backlog of unresolved PRs as the projects closed more PRs
within the first few months of adoption. Moreover, Stale bot can help improve
the efficiency of the PR review process as the projects reviewed PRs that ended
up merged and resolved PRs that ended up closed faster after the adoption.
However, Stale bot can also negatively affect the contributors as the projects
experienced a considerable decrease in their number of active contributors
after the adoption. Therefore, relying solely on Stale bot to deal with
inactive PRs may lead to decreased community engagement and an increased
probability of contributor abandonment.Comment: Manuscript submitted to ACM Transactions on Software Engineering and
Methodolog
Where to Go Now? Finding Alternatives for Declining Packages in the npm Ecosystem
Software ecosystems (e.g., npm, PyPI) are the backbone of modern software
developments. Developers add new packages to ecosystems every day to solve new
problems or provide alternative solutions, causing obsolete packages to decline
in their importance to the community. Packages in decline are reused less
overtime and may become less frequently maintained. Thus, developers usually
migrate their dependencies to better alternatives. Replacing packages in
decline with better alternatives requires time and effort by developers to
identify packages that need to be replaced, find the alternatives, asset
migration benefits, and finally, perform the migration.
This paper proposes an approach that automatically identifies packages that
need to be replaced and finds their alternatives supported with real-world
examples of open source projects performing the suggested migrations. At its
core, our approach relies on the dependency migration patterns performed in the
ecosystem to suggest migrations to other developers. We evaluated our approach
on the npm ecosystem and found that 96% of the suggested alternatives are
accurate. Furthermore, by surveying expert JavaScript developers, 67% of them
indicate that they will use our suggested alternative packages in their future
projects
Effective Dependency Management for the JavaScript Software Ecosystem
Open source software ecosystems are essential to software development. Developers depend on packages from the ecosystems to utilize their functionalities and avoid having to reinvent the wheel. On the one hand, this allows developers to write less code, increasing productivity, improving quality, and delivering more features. On the other hand, the package dependencies themselves must be maintained. The overhead starts with the process of selecting a quality package to use out of a large set of packages, going through updating the dependencies and avoiding breakage-inducing versions, ending with replacing obsolete dependencies and finding better alternatives. Neglecting the maintenance of the dependencies can have an expensive negative impact on the software quality. Hence, in this thesis, we propose facilitating the dependency management activities, encouraging developers to keep healthy dependencies in their projects.
We employ information extracted from the software ecosystem to help developers better manage their software dependencies. We first present an empirical study on the factors used by developers to select dependency packages from the npm software ecosystem. Next, we propose an approach that leverages tests from the ecosystems to help identify breakage-inducing versions, which increase developers' confidence in updating the dependencies and help them to make more informed decisions when they update dependencies. Also, we propose an approach to identify packages in decline as early as possible. The underlying rationale of our approach is that the decline in community interest leads to having packages used less over time, becoming less frequently maintained, and eventually, could become abandoned. Furthermore, we propose an approach to find alternatives to replace packages in decline. Finally, we empirically evaluated our approach and characterized the alternative packages