Determining and Detecting Permission Issues of Wearable Apps

Wearable apps are becoming increasingly popular. Nevertheless, to date, very few studies have examined the issues that wearable apps face. Prior studies showed that user reviews contain a plethora of insights that can be used to understand quality issues and help developers build better quality mobile apps. Therefore, in this thesis, we start by empirically studying user reviews to understand the user complaints about wearable apps. We manually sample and categorize 2,667 reviews from 19 Android wearable apps. Additionally, we examine the replies posted by developers in response to user complaints. This study allows us to determine the type of complaints that developers care about the most and to identify problems that, despite being important to users, do not receive a proper response from developers. We find that the most frequent complaints are related to Functional Errors, Cost, and Lack of Functionality, whereas the most negatively impacting complaints are related to Installation Problems, Device Compatibility, and Privacy & Ethical Issues. We find that developers mostly reply to complaints related to Privacy & Ethical Issues, Performance Issues, and notification-related issues. Furthermore, we observe that when developers reply, they tend to provide a solution, request more details, or let the user know that they are working on a solution. Our results highlight the issues that users face the most, and the issues to which developers should pay additional attention to due to their negative impact. Based on these results from the first empirical study, we investigate the most negatively impactful complaints. We observe that mainly two permission problems are a common factor to raise issues that cause these complaints -namely the permission mismatch problem and the problem of superfluous features. As a result, we propose a technique to detect permission problems in wearable app. To operationalize our technique we developed a tool, called Permlyzer, that automatically detects these two problems from Android APKs. We then perform an empirical study on of 2,724 free wearable apps. Our findings show that the permission mismatches exist in 6.1% of released apps on the app store. Moreover, we find that 19.2% of studded wearable apps contain superfluous features

Understanding the Helpfulness of Stale Bot for Pull-based Development: An Empirical Study of 20 Large Open-Source Projects

Pull Requests (PRs) that are neither progressed nor resolved clutter the list of PRs, making it difficult for the maintainers to manage and prioritize unresolved PRs. To automatically track, follow up, and close such inactive PRs, Stale bot was introduced by GitHub. Despite its increasing adoption, there are ongoing debates on whether using Stale bot alleviates or exacerbates the problem of inactive PRs. To better understand if and how Stale bot helps projects in their pull-based development workflow, we perform an empirical study of 20 large and popular open-source projects. We find that Stale bot can help deal with a backlog of unresolved PRs as the projects closed more PRs within the first few months of adoption. Moreover, Stale bot can help improve the efficiency of the PR review process as the projects reviewed PRs that ended up merged and resolved PRs that ended up closed faster after the adoption. However, Stale bot can also negatively affect the contributors as the projects experienced a considerable decrease in their number of active contributors after the adoption. Therefore, relying solely on Stale bot to deal with inactive PRs may lead to decreased community engagement and an increased probability of contributor abandonment.Comment: Manuscript submitted to ACM Transactions on Software Engineering and Methodolog

Where to Go Now? Finding Alternatives for Declining Packages in the npm Ecosystem

Software ecosystems (e.g., npm, PyPI) are the backbone of modern software developments. Developers add new packages to ecosystems every day to solve new problems or provide alternative solutions, causing obsolete packages to decline in their importance to the community. Packages in decline are reused less overtime and may become less frequently maintained. Thus, developers usually migrate their dependencies to better alternatives. Replacing packages in decline with better alternatives requires time and effort by developers to identify packages that need to be replaced, find the alternatives, asset migration benefits, and finally, perform the migration. This paper proposes an approach that automatically identifies packages that need to be replaced and finds their alternatives supported with real-world examples of open source projects performing the suggested migrations. At its core, our approach relies on the dependency migration patterns performed in the ecosystem to suggest migrations to other developers. We evaluated our approach on the npm ecosystem and found that 96% of the suggested alternatives are accurate. Furthermore, by surveying expert JavaScript developers, 67% of them indicate that they will use our suggested alternative packages in their future projects

Effective Dependency Management for the JavaScript Software Ecosystem

Open source software ecosystems are essential to software development. Developers depend on packages from the ecosystems to utilize their functionalities and avoid having to reinvent the wheel. On the one hand, this allows developers to write less code, increasing productivity, improving quality, and delivering more features. On the other hand, the package dependencies themselves must be maintained. The overhead starts with the process of selecting a quality package to use out of a large set of packages, going through updating the dependencies and avoiding breakage-inducing versions, ending with replacing obsolete dependencies and finding better alternatives. Neglecting the maintenance of the dependencies can have an expensive negative impact on the software quality. Hence, in this thesis, we propose facilitating the dependency management activities, encouraging developers to keep healthy dependencies in their projects. We employ information extracted from the software ecosystem to help developers better manage their software dependencies. We first present an empirical study on the factors used by developers to select dependency packages from the npm software ecosystem. Next, we propose an approach that leverages tests from the ecosystems to help identify breakage-inducing versions, which increase developers' confidence in updating the dependencies and help them to make more informed decisions when they update dependencies. Also, we propose an approach to identify packages in decline as early as possible. The underlying rationale of our approach is that the decline in community interest leads to having packages used less over time, becoming less frequently maintained, and eventually, could become abandoned. Furthermore, we propose an approach to find alternatives to replace packages in decline. Finally, we empirically evaluated our approach and characterized the alternative packages