The implementation of the detection strategies strongly depends on the network libraries used by developers. To decide the libraries for which CONAN should provide support, we ran a survey investigating which libraries Android developers use to handle network requests. The survey has been designed to last at most 5 minutes to maximize the completion rate and it was structured as reported in Table I. We collected background information about participants (Q1 - Q4). If a participant answered “zero” to Q4 (i.e., no experience with native Android apps) the survey ended and the participant was excluded from the study (4 cases).

Q5 aimed to collect information about the libraries developers use to implement network requests in Android apps. We provided a predefined list of existing libraries, with the possibility of specifying additional libraries. The predefined list included, among others, well-known libraries such as: Retrofit, OkHttp, and Volley.

To avoid a leading answer bias, each participant was presented with a shuffled version of the predefined list. In addition, an option stating “I have never used an API for network request” was included.

Besides sharing the survey with developers from companies we know, it has also been shared in social media and within the Google Android developers group. We collected answers for two months, with a total of 98 participants that completed our survey from 41 countries (e.g., Germany, USA, Ukraine, etc.). On average, participants had ∼10 years of programming experience and ∼5 years of Android development experience. Regarding their job position, 7% of participants are B.Sc. students, 16% M.Sc. students, 2% Ph.D students, 1% Postdoc and 74% professional software engineers having different specializations (e.g., CTO, CoFounder, Developer, etc.).

The achieved results reported five libraries as the ones used by developers for network requests: (i) Retrofit, mentioned by 65 participants; (ii) OkHttp, 61 participants; (iii) HttpURLConnection, 23; (iv) Volley 20; and (v) Apache HTTP client, with 19 participants. Since from Android 6.0 Apache HTTP is no longer recommended and its employment has been discouraged by Google, we decided to excluded it from the final list of libraries to be supported in CONAN, thus including the first four listed by developers.

See the detailed results of the survey!