MASTG-TEST-0245: References to Platform Version APIs
Content in BETA
This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).
Overview
This test checks whether the app verifies at runtime that it is running on a recent version of the Android operating system.
In Kotlin, Android apps can determine the OS version using the Build.VERSION.SDK_INT property, which returns the API level of the current system. By comparing it to a specific version constant, such as Build.VERSION_CODES.UPSIDE_DOWN_CAKE for Android 14 (API level 34), apps can conditionally execute code based on the OS version. In this example, "Upside Down Cake" is the internal codename for Android 14.
Android apps specify a minSdkVersion, which defines the oldest OS version they support. While a high minSdkVersion reduces the need for runtime version checks, dynamically verifying the OS version using Build.VERSION.SDK_INT remains beneficial. It allows apps to take advantage of newer, more secure features when available while maintaining backward compatibility.
Steps
- Use Static Analysis on Android with a tool such as semgrep to identify APIs that check the version of the operating system.
Observation
The output should contain a list of locations where relevant APIs are used.
Evaluation
The test fails if the app does not include any API calls to verify the operating system version.
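The steps, observation and evaluation above can be illustrated with the following Python script, an added example that is not part of the MASTG or its semgrep rules. It uses a regex scan as a simplified stand-in for semgrep over decompiled or original sources; the file names, sample sources and function names are hypothetical and constructed for the example.

```python
import re

# The runtime version property and the version constants it is compared against.
VERSION_API = re.compile(
    r"\bBuild\s*\.\s*(VERSION\s*\.\s*SDK_INT|VERSION_CODES\s*\.\s*\w+)")
# String literals are listed first so "//" inside a string is not read as a comment.
NOISE = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.DOTALL)


def _blank(match):
    # Overwrite comments and strings with spaces; keep newlines so line numbers hold.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_version_checks(sources):
    """Return sorted (path, line, matched_api) tuples for a {path: source} mapping."""
    hits = []
    for path, text in sources.items():
        code = NOISE.sub(_blank, text)
        for m in VERSION_API.finditer(code):
            line = code.count("\n", 0, m.start()) + 1
            hits.append((path, line, re.sub(r"\s+", "", m.group(0))))
    return sorted(hits)


def evaluate(sources):
    """Apply the evaluation rule: the test fails when no version check is found."""
    return "pass" if find_version_checks(sources) else "fail"


# Constructed sample input (hypothetical paths and contents).
SAMPLE = {
    "app/src/main/java/com/example/Crypto.kt": (
        "import android.os.Build\n"
        "// Build.VERSION.SDK_INT is only mentioned in this comment\n"
        "fun isAndroid14OrLater(): Boolean {\n"
        "    return Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE\n"
        "}\n"
    ),
    "app/src/main/java/com/example/Legacy.kt": (
        'val note = "Build.VERSION.SDK_INT"\n'
        "fun run() = Unit\n"
    ),
}

if __name__ == "__main__":
    for path, line, api in find_version_checks(SAMPLE):
        print(f"{path}:{line}: {api}")
    print("result:", evaluate(SAMPLE))
```

References that appear only in comments or string literals are not reported, so an app that merely mentions the API without calling it still fails the evaluation.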