B3 Non-refereed conference proceedings
Taxonomy of Security-related Issues in Android Apps : An Empirical Study (2024)


Das, T., Ali, A., & Mikkonen, T. (2024). Taxonomy of Security-related Issues in Android Apps : An Empirical Study. In R. Yedida, & T. Menzies (Eds.), RENE '24 : Proceedings of the 2024 Workshop on Replications and Negative Results (pp. 8-14). ACM. https://doi.org/10.1145/3695750.3695824


JYU authors or editors


Publication details

All authors or editorsDas, Teerath; Ali, Adam; Mikkonen, Tommi

Parent publicationRENE '24 : Proceedings of the 2024 Workshop on Replications and Negative Results

Parent publication editorsYedida, Rahul; Menzies, Tim

Place and date of conferenceSacramento, CA, USA27.10.-1.11.2024

eISBN979-8-4007-1270-8

Publication year2024

Publication date27/10/2024

Pages range8-14

Number of pages in the book22

PublisherACM

Place of PublicationNew York

Publication countryUnited States

Publication languageEnglish

DOIhttps://doi.org/10.1145/3695750.3695824

Publication open accessOpenly available

Publication channel open accessOpen Access channel

Publication is parallel published (JYX)https://jyx.jyu.fi/handle/123456789/98475

Additional informationPart of the ASE '24: 39th IEEE/ACM International Conference on Automated Software Engineering Workshops. Sacramento, CA, USA, 27 October 2024 - 1 November 2024.


Abstract

Smart applications (apps) have become the primary means of obtaining digital services in many aspects of our daily lives, such as health care, e-banking, online shopping, etc. With the growing number of smart apps being created, the likelihood of security vulnerabilities has increased significantly. Smartphone developers remain vigilant about security concerns during their mobile app development, installation, and maintenance. This paper presents a large-scale empirical study examining critical security issues in open-source Android apps obtained from GitHub. We analyzed 111,224 commits across 2,187 apps and identified 689 commits explicitly related to security issues. Additionally, we utilized the card-sorting approach to construct a taxonomy/catalog of ten distinct categories of security-related issues. According to our findings, the most frequent security-related problem in our dataset was related to permission issues, accounting for 370 instances (53.7%), followed by Login, with 160 instances, representing 23.22%. On the other hand, Privacy and Framework issues were less frequent, with only 5 (0.72%) and 3 (0.43%) instances, respectively, in our dataset. Moreover, our taxonomy also included 71 sub-categories/sub-themes, with permission issues having the highest number of sub-categories (23) and Framework issues with the lowest numbers (2). Developers discussed permission sub-categories, such as camera permission, WiFi permissions, storage permission, WRITE/READ_PHONE_STATE permission, and location permission, among others, in their code commits. The insights gained from our study provide a foundation for comprehending the primary security concerns from the viewpoints of both researchers and software practitioners.


Keywordsmobile appsdata securityvulnerabilityclassificationAndroidopen source code


Contributing organizations


Ministry reportingYes

VIRTA submission year2024


Last updated on 2024-20-11 at 20:05