B3 Non-refereed conference proceedings
Taxonomy of Security-related Issues in Android Apps : An Empirical Study (2024)
Das, T., Ali, A., & Mikkonen, T. (2024). Taxonomy of Security-related Issues in Android Apps : An Empirical Study. In R. Yedida, & T. Menzies (Eds.), RENE '24 : Proceedings of the 2024 Workshop on Replications and Negative Results (pp. 8-14). ACM. https://doi.org/10.1145/3695750.3695824
JYU authors or editors
Publication details
All authors or editors: Das, Teerath; Ali, Adam; Mikkonen, Tommi
Parent publication: RENE '24 : Proceedings of the 2024 Workshop on Replications and Negative Results
Parent publication editors: Yedida, Rahul; Menzies, Tim
Place and date of conference: Sacramento, CA, USA, 27.10.-1.11.2024
eISBN: 979-8-4007-1270-8
Publication year: 2024
Publication date: 27/10/2024
Pages range: 8-14
Number of pages in the book: 22
Publisher: ACM
Place of Publication: New York
Publication country: United States
Publication language: English
DOI: https://doi.org/10.1145/3695750.3695824
Publication open access: Openly available
Publication channel open access: Open Access channel
Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/98475
Additional information: Part of the ASE '24: 39th IEEE/ACM International Conference on Automated Software Engineering Workshops. Sacramento, CA, USA, 27 October 2024 - 1 November 2024.
Abstract
Smart applications (apps) have become the primary means of obtaining digital services in many aspects of our daily lives, such as health care, e-banking, online shopping, etc. With the growing number of smart apps being created, the likelihood of security vulnerabilities has increased significantly. Smartphone developers remain vigilant about security concerns during their mobile app development, installation, and maintenance. This paper presents a large-scale empirical study examining critical security issues in open-source Android apps obtained from GitHub. We analyzed 111,224 commits across 2,187 apps and identified 689 commits explicitly related to security issues. Additionally, we utilized the card-sorting approach to construct a taxonomy/catalog of ten distinct categories of security-related issues. According to our findings, the most frequent security-related problem in our dataset was related to permission issues, accounting for 370 instances (53.7%), followed by Login, with 160 instances, representing 23.22%. On the other hand, Privacy and Framework issues were less frequent, with only 5 (0.72%) and 3 (0.43%) instances, respectively, in our dataset. Moreover, our taxonomy also included 71 sub-categories/sub-themes, with permission issues having the highest number of sub-categories (23) and Framework issues with the lowest numbers (2). Developers discussed permission sub-categories, such as camera permission, WiFi permissions, storage permission, WRITE/READ_PHONE_STATE permission, and location permission, among others, in their code commits. The insights gained from our study provide a foundation for comprehending the primary security concerns from the viewpoints of both researchers and software practitioners.
Keywords: mobile apps; data security; vulnerability; classification; Android; open source code
Contributing organizations
Ministry reporting: Yes
VIRTA submission year: 2024