Demystifying Application Performance Management Libraries for Android
Performance issues in apps can influence users’ satisfaction. Therefore, developers use application performance management (APM) tools to locate potential performance bottlenecks in their apps. Unfortunately, most developers do not understand how APMs monitor their apps at runtime or whether these APMs pose security risks (e.g., confidential data leakage). We demystify APMs by inspecting 25 widely-used APMs that target Android apps. Currently, there is no systematic analysis of APMs in Android apps. To bridge this gap, we build a prototype tool, APMHunter, that can automatically detect the usage of APMs in apps. We conduct a large-scale empirical study on 500,000 Android apps from Google Play to explore the usage patterns of APMs and discover potential misuses of APMs. The study yields findings from two perspectives: 1) some APMs still employ deprecated permissions and approaches, which prevents them from working as expected; 2) inappropriate APM utilization can lead to privacy leakage. Thus, based on our research, we suggest that both APM vendors and developers should design and use APMs scrupulously.