🤖 AI Summary
This study systematically exposes the widespread failure of Android Lite apps to meet their stated design goals of being “smaller, faster, and safer.” To rigorously evaluate this claim, we conduct the first large-scale, multidimensional empirical comparison across 1,248 paired Lite/Full apps, integrating static analysis (APK structure, permission, and component extraction), dynamic network traffic monitoring, functional coverage testing, and security vulnerability scanning (e.g., intent hijacking, plaintext communication). Results reveal that 76% of Lite apps reduce APK size by less than 20%, 52% exhibit no download-time improvement, and 38% introduce additional high-risk permissions. Alarmingly, some Lite variants expand the attack surface and expose novel side-channel risks. Beyond challenging the efficacy of current Lite-ification practices, our work proposes a new co-design paradigm for lightweight applications—one that holistically optimizes package size, runtime performance, and security posture in tandem.
📝 Abstract
App developers aim to create apps that cater to the needs of different types of users. This development approach, also known as the "one-size-fits-all" strategy, involves combining various functionalities into one app. However, this approach has drawbacks, such as lower conversion rates, slower download speed, larger attack surfaces, and lower update rates. To address these issues, developers have created "lite" versions to attract new users and enhance the user experience. Despite this, there has been no study conducted to examine the relationship between lite and full apps. To address this gap, we present a comparative study of lite apps, exploring the similarities and differences between lite and full apps from various perspectives. Our findings indicate that most existing lite apps fail to fulfill their intended goals (e.g., smaller in size, faster to download, and using less data). Our study also reveals the potential security risks associated with lite apps.