B3 Non-peer-reviewed article in conference proceedings
Taxonomy of Security-related Issues in Android Apps : An Empirical Study (2024)
Das, T., Ali, A., & Mikkonen, T. (2024). Taxonomy of Security-related Issues in Android Apps : An Empirical Study. In R. Yedida, & T. Menzies (Eds.), RENE '24 : Proceedings of the 2024 Workshop on Replications and Negative Results (pp. 8-14). ACM. https://doi.org/10.1145/3695750.3695824
JYU authors or editors
Publication details
All authors or editors of the publication: Das, Teerath; Ali, Adam; Mikkonen, Tommi
Parent publication: RENE '24 : Proceedings of the 2024 Workshop on Replications and Negative Results
Parent publication editors: Yedida, Rahul; Menzies, Tim
Conference place and date: Sacramento, CA, USA, 27.10.-1.11.2024
eISBN: 979-8-4007-1270-8
Publication year: 2024
Date of publication: 27.10.2024
Article page numbers: 8-14
Total number of pages in the book: 22
Publisher: ACM
Place of publication: New York
Country of publication: United States (USA)
Language of publication: English
DOI: https://doi.org/10.1145/3695750.3695824
Open access of the publication: Openly available
Open access of the publication channel: Fully open access publication channel
The publication is self-archived (JYX): https://jyx.jyu.fi/handle/123456789/98475
Additional information: Part of the ASE '24: 39th IEEE/ACM International Conference on Automated Software Engineering Workshops. Sacramento, CA, USA, 27 October 2024 - 1 November 2024.
Abstract
Smart applications (apps) have become the primary means of obtaining digital services in many aspects of our daily lives, such as health care, e-banking, online shopping, etc. With the growing number of smart apps being created, the likelihood of security vulnerabilities has increased significantly. Smartphone developers remain vigilant about security concerns during their mobile app development, installation, and maintenance. This paper presents a large-scale empirical study examining critical security issues in open-source Android apps obtained from GitHub. We analyzed 111,224 commits across 2,187 apps and identified 689 commits explicitly related to security issues. Additionally, we utilized the card-sorting approach to construct a taxonomy/catalog of ten distinct categories of security-related issues. According to our findings, the most frequent security-related problem in our dataset was related to permission issues, accounting for 370 instances (53.7%), followed by Login, with 160 instances, representing 23.22%. On the other hand, Privacy and Framework issues were less frequent, with only 5 (0.72%) and 3 (0.43%) instances, respectively, in our dataset. Moreover, our taxonomy also included 71 sub-categories/sub-themes, with permission issues having the highest number of sub-categories (23) and Framework issues with the lowest numbers (2). Developers discussed permission sub-categories, such as camera permission, WiFi permissions, storage permission, WRITE/READ_PHONE_STATE permission, and location permission, among others, in their code commits. The insights gained from our study provide a foundation for comprehending the primary security concerns from the viewpoints of both researchers and software practitioners.
YSO keywords: mobile applications; information security; vulnerability; classification (activity); Android; open source code
Related organizations
OKM reporting: Yes
VIRTA submission year: 2024