Don't Mess with Bro's Cheese! An Empirical Study of Resource Conflict in Android Multi-window

The multi-window mode in Android has greatly improved productivity and usability by allowing multiple apps to run concurrently. However, alongside the advantages, such mode also introduces unforeseen risks in both functionality and security. In this work, we present the first systematic study to identify a previously unexplored class of issues, termed Multi-window Resource Conflicts (MRCs). Such conflicts occur when multiple app windows access the same system resource concurrently, potentially leading to crashes, functionality failures or unintended behaviors. To enhance the robustness and security of Android multi-window execution, we conduct a systematic and in-depth empirical study on the MRCs. We begin with a comprehensive root cause analysis, categorizing MRCs into three fundamental types based on their triggering patterns and affected resource states. To enable large-scale detection, we develop MRC-Detector, a static analysis framework that automatically identifies MRC issues in Android apps. Our manual verification confirms its high accuracy and effectiveness. We apply the MRC-Detector to the detection of over 150k real-world apps from F-droid and Google Play, uncovering the prevalence of MRC risks. Additionally, the distribution of MRC issues is analyzed in depth across multiple dimensions, including MRC type, APK size, app source and security classification. We further investigated the recognition and confirmation from developers and received 14 positive responses from vendors and project maintainers. Finally, comprehensive mitigation strategies are discussed. The materials of the study are available at: https://github.com/Huimilia/MRC.