B3 Vertaisarvioimaton artikkeli konferenssijulkaisussa
Taxonomy of Security-related Issues in Android Apps : An Empirical Study (2024)


Das, T., Ali, A., & Mikkonen, T. (2024). Taxonomy of Security-related Issues in Android Apps : An Empirical Study. In R. Yedida, & T. Menzies (Eds.), RENE '24 : Proceedings of the 2024 Workshop on Replications and Negative Results (pp. 8-14). ACM. https://doi.org/10.1145/3695750.3695824


JYU-tekijät tai -toimittajat


Julkaisun tiedot

Julkaisun kaikki tekijät tai toimittajatDas, Teerath; Ali, Adam; Mikkonen, Tommi

EmojulkaisuRENE '24 : Proceedings of the 2024 Workshop on Replications and Negative Results

Emojulkaisun toimittajatYedida, Rahul; Menzies, Tim

Konferenssin paikka ja aikaSacramento, CA, USA27.10.-1.11.2024

eISBN979-8-4007-1270-8

Julkaisuvuosi2024

Ilmestymispäivä27.10.2024

Artikkelin sivunumerot8-14

Kirjan kokonaissivumäärä22

KustantajaACM

KustannuspaikkaNew York

JulkaisumaaYhdysvallat (USA)

Julkaisun kielienglanti

DOIhttps://doi.org/10.1145/3695750.3695824

Julkaisun avoin saatavuusAvoimesti saatavilla

Julkaisukanavan avoin saatavuusKokonaan avoin julkaisukanava

Julkaisu on rinnakkaistallennettu (JYX)https://jyx.jyu.fi/handle/123456789/98475

LisätietojaPart of the ASE '24: 39th IEEE/ACM International Conference on Automated Software Engineering Workshops. Sacramento, CA, USA, 27 October 2024 - 1 November 2024.


Tiivistelmä

Smart applications (apps) have become the primary means of obtaining digital services in many aspects of our daily lives, such as health care, e-banking, online shopping, etc. With the growing number of smart apps being created, the likelihood of security vulnerabilities has increased significantly. Smartphone developers remain vigilant about security concerns during their mobile app development, installation, and maintenance. This paper presents a large-scale empirical study examining critical security issues in open-source Android apps obtained from GitHub. We analyzed 111,224 commits across 2,187 apps and identified 689 commits explicitly related to security issues. Additionally, we utilized the card-sorting approach to construct a taxonomy/catalog of ten distinct categories of security-related issues. According to our findings, the most frequent security-related problem in our dataset was related to permission issues, accounting for 370 instances (53.7%), followed by Login, with 160 instances, representing 23.22%. On the other hand, Privacy and Framework issues were less frequent, with only 5 (0.72%) and 3 (0.43%) instances, respectively, in our dataset. Moreover, our taxonomy also included 71 sub-categories/sub-themes, with permission issues having the highest number of sub-categories (23) and Framework issues with the lowest numbers (2). Developers discussed permission sub-categories, such as camera permission, WiFi permissions, storage permission, WRITE/READ_PHONE_STATE permission, and location permission, among others, in their code commits. The insights gained from our study provide a foundation for comprehending the primary security concerns from the viewpoints of both researchers and software practitioners.


YSO-asiasanatmobiilisovelluksettietoturvahaavoittuvuusluokitus (toiminta)Androidavoin lähdekoodi


Liittyvät organisaatiot


OKM-raportointiKyllä

VIRTA-lähetysvuosi2024


Viimeisin päivitys 2024-20-11 klo 20:05