API Compatibility Issues #241

Open
lilicoding opened this issue Feb 11, 2017 · 0 comments

Dear developers,

We have recently developed a state-of-the-art static analysis tool for uncovering API compatibility issues in Android apps. Applying this tool to open source apps on F-Droid, we have exposed a few instances of compatibility issues and are submitting them to development teams for a fix.

For your app, we have found that this project has accessed the following APIs which are available only on an API level higher than the declared minSdkVersion and which are accessed without proper protection. In other words, if those APIs get called at runtime, it will trigger a NoSuchMethodError and thus result in a crash of the running application.

<android.preference.PreferenceFragment: void <init>()>:[11,25]
<android.app.Notification.Builder: android.app.Notification.Builder setContentText(java.lang.CharSequence)>:[11,25]
<android.app.Notification.Builder: android.app.Notification getNotification()>:[11,25]
<android.preference.PreferenceActivity: void loadHeadersFromResource(int,java.util.List)>:[11,25]
<android.preference.PreferenceFragment: android.preference.PreferenceScreen getPreferenceScreen()>:[11,25]
<android.app.Notification.Builder: void <init>(android.content.Context)>:[11,25]
<android.app.Notification.Builder: android.app.Notification.Builder setDefaults(int)>:[11,25]
<android.preference.PreferenceFragment: void addPreferencesFromResource(int)>:[11,25]
<android.app.Fragment: void onCreate(android.os.Bundle)>:[11,25]
<android.app.Notification.Builder: android.app.Notification.Builder setContentIntent(android.app.PendingIntent)>:[11,25]
<android.app.Notification.Builder: android.app.Notification.Builder setAutoCancel(boolean)>:[11,25]
<android.preference.TwoStatePreference: void setChecked(boolean)>:[14,25]
<android.app.Notification.Builder: android.app.Notification.Builder setSmallIcon(int)>:[11,25]
<android.app.Notification.Builder: android.app.Notification.Builder setTicker(java.lang.CharSequence)>:[11,25]
<android.app.Notification.Builder: android.app.Notification.Builder setWhen(long)>:[11,25]
<android.view.View: void setSystemUiVisibility(int)>:[11,25]
<android.view.View: void setLayerType(int,android.graphics.Paint)>:[11,25]
<android.app.Notification.Builder: android.app.Notification.Builder setContentTitle(java.lang.CharSequence)>:[11,25]

Note that, because of the nature of the static analysis, we cannot confirm whether the flagged APIs would actually be called at runtime (e.g., unreachable code). However, we still believe that those APIs, which may cause compatibility issues, should not be accessed or at least be accessed with proper protections.

In addition to the aforementioned APIs (i.e., backward-compatibility), which could cause app crashes if accessed, we have also identified that this project has accessed some APIs that have been removed from the latest public SDK, making the app possibly suffer from forward-compatibility issues.

<org.apache.http.HttpResponse: org.apache.http.StatusLine getStatusLine()>:[1,22]
<org.apache.http.message.AbstractHttpMessage: void setHeader(java.lang.String,java.lang.String)>:[1,22]
<org.apache.http.HttpEntity: long getContentLength()>:[1,22]
<org.apache.http.HttpResponse: org.apache.http.HttpEntity getEntity()>:[1,22]
<java.lang.reflect.Array: java.lang.Object newInstance(java.lang.Class,int[])>:[1,8]
<org.apache.http.HttpEntity: org.apache.http.Header getContentEncoding()>:[1,22]
<org.apache.http.auth.UsernamePasswordCredentials: java.lang.String getPassword()>:[1,22]
<org.apache.http.message.AbstractHttpMessage: org.apache.http.Header getFirstHeader(java.lang.String)>:[1,22]
<org.apache.http.client.methods.HttpRequestBase: java.net.URI getURI()>:[1,22]
<org.apache.http.auth.UsernamePasswordCredentials: void <init>(java.lang.String,java.lang.String)>:[1,22]
<org.apache.http.auth.UsernamePasswordCredentials: java.lang.String getUserName()>:[1,22]
<org.apache.http.StatusLine: java.lang.String getReasonPhrase()>:[1,22]
<org.apache.http.Header: java.lang.String getValue()>:[1,22]
<android.net.http.AndroidHttpClient: android.net.http.AndroidHttpClient newInstance(java.lang.String)>:[8,22]
<android.net.http.AndroidHttpClient: org.apache.http.HttpResponse execute(org.apache.http.client.methods.HttpUriRequest)>:[1,22]
<org.apache.http.HttpEntity: org.apache.http.Header getContentType()>:[1,22]
<org.apache.http.HttpEntity: java.io.InputStream getContent()>:[1,22]
<org.apache.http.HttpMessage: org.apache.http.Header getFirstHeader(java.lang.String)>:[1,22]
<android.net.http.AndroidHttpClient: void close()>:[8,22]
<org.apache.http.message.AbstractHttpMessage: void setHeader(org.apache.http.Header)>:[1,22]
<org.apache.http.StatusLine: int getStatusCode()>:[1,22]
<org.apache.http.client.methods.HttpGet: void <init>(java.net.URI)>:[1,22]
<org.apache.http.message.BasicHeader: void <init>(java.lang.String,java.lang.String)>:[1,22]

We would very much appreciate it if you could acknowledge to us that those reported APIs are indeed problematic for the project’s long-term stability. Please let us know if you need any more information relating to this issue report.
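As an added example (not part of the issue report or of the reporters' tool), the script below parses report lines in the format used above and groups the flagged classes into backward- and forward-compatibility risks. The `min_sdk=8` value is a hypothetical stand-in for the project's declared minSdkVersion, which the report does not state, and `latest_sdk=25` is inferred from the upper bounds in the first list.

```python
import re
from collections import defaultdict

# Constructed sample: four lines copied from the two lists in the report.
SAMPLE = """\
<android.preference.TwoStatePreference: void setChecked(boolean)>:[14,25]
<android.view.View: void setLayerType(int,android.graphics.Paint)>:[11,25]
<org.apache.http.StatusLine: int getStatusCode()>:[1,22]
<android.net.http.AndroidHttpClient: void close()>:[8,22]
"""

# "<class: return-type name(args)>:[first,last]"; a constructor's name is
# "<init>" or, where extraction dropped it, empty.
ENTRY = re.compile(
    r"^<(?P<cls>[\w.$]+): (?P<ret>[\w.$\[\]]+) (?P<name>[\w<>$]*)"
    r"\((?P<args>[^)]*)\)>:\[(?P<first>\d+),(?P<last>\d+)\]$"
)

def parse(report):
    """Return one dict per well-formed report line; other lines are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({**m.groupdict(),
                            "first": int(m["first"]), "last": int(m["last"])})
    return entries

def triage(entries, min_sdk, latest_sdk):
    """Group flagged methods by class under 'backward' and 'forward' risk."""
    out = {"backward": defaultdict(list), "forward": defaultdict(list)}
    for e in entries:
        sig = f'{e["name"] or "<init>"}({e["args"]})'
        if e["first"] > min_sdk:
            # Absent on devices running min_sdk .. first-1: the call needs a
            # runtime guard such as Build.VERSION.SDK_INT >= first.
            out["backward"][e["cls"]].append((sig, e["first"]))
        if e["last"] < latest_sdk:
            # Not present in SDK levels above 'last'.
            out["forward"][e["cls"]].append((sig, e["last"]))
    return out

if __name__ == "__main__":
    # min_sdk=8 is an assumed value, not taken from the project.
    result = triage(parse(SAMPLE), min_sdk=8, latest_sdk=25)
    for kind, classes in result.items():
        for cls, methods in sorted(classes.items()):
            print(kind, cls, methods)
```

Raising or lowering `min_sdk` changes which entries count as backward risks, so the declared value from the app's manifest or build file should be used when triaging the full lists.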
