Developer mistakes in writing Android manifests: an empirical study of configuration errors.

Each Android app must have an Android manifest file. It is one of the most important configuration files manually written by developers. In addition to various configuration parameters required to run an app, it also contains configuration parameters which are used to implement security, compatibility, and accessibility of an app. Any mistakes in writing the manifest file can cause serious implications in terms of security, reliability, and availability of an app. In this paper, we study and report different types of mistakes committed by developers in writing Android manifest files. The study was performed on 13,483 real-world Android apps. We also present an open source rule-based static analysis tool which detects developer mistakes in the manifest file. The tool generates a warning message if it detects any misconfigurations in the manifest file. We used the tool to perform the empirical study and it generated total 59,547 configuration errors in 11,110 apps. Only 2,373 apps, among studied apps, do not have any configuration errors.