Investigation of Security-related Commits in Android Apps

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering Pub Date : 2023-06-14 DOI:10.1145/3593434.3593437

Teerath Das, Adam Ali, T. Mikkonen

{"title":"Investigation of Security-related Commits in Android Apps","authors":"Teerath Das, Adam Ali, T. Mikkonen","doi":"10.1145/3593434.3593437","DOIUrl":null,"url":null,"abstract":"The exponential increase in smartphone usage has fueled the rapid growth of Android applications (apps). Unfortunately, this growth has also resulted in an alarming rise in security vulnerabilities, posing a significant challenge for developers of smartphone apps. In this paper, we conducted a quantitative and qualitative study to analyze security-related issues in open-source Android apps available on GitHub. Our study included a total set of 689 security-related commits identified from 111,224 commits distributed over 2,187 apps. We proposed a taxonomy of ten distinct categories of security issues, which we identified using the card-sorting technique. Our findings showed that Permission issues were the most prevalent in our dataset (370, 53.7%), followed by Login issues (160, 23.22%). Issues such as Privacy (5, 0.72%) and Framework (3, 0.43%) were rare in our dataset. These preliminary findings serve as an initial step towards comprehending the primary security concerns from the perspective of both developers and researchers.","PeriodicalId":178596,"journal":{"name":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","volume":"84 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3593434.3593437","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The exponential increase in smartphone usage has fueled the rapid growth of Android applications (apps). Unfortunately, this growth has also resulted in an alarming rise in security vulnerabilities, posing a significant challenge for developers of smartphone apps. In this paper, we conducted a quantitative and qualitative study to analyze security-related issues in open-source Android apps available on GitHub. Our study included a total set of 689 security-related commits identified from 111,224 commits distributed over 2,187 apps. We proposed a taxonomy of ten distinct categories of security issues, which we identified using the card-sorting technique. Our findings showed that Permission issues were the most prevalent in our dataset (370, 53.7%), followed by Login issues (160, 23.22%). Issues such as Privacy (5, 0.72%) and Framework (3, 0.43%) were rare in our dataset. These preliminary findings serve as an initial step towards comprehending the primary security concerns from the perspective of both developers and researchers.

查看原文本刊更多论文

Android应用中安全相关提交的调查

智能手机使用的指数级增长推动了Android应用程序(app)的快速增长。不幸的是，这种增长也导致了安全漏洞的惊人增加，给智能手机应用程序的开发人员带来了重大挑战。在本文中，我们进行了定量和定性研究，分析GitHub上可用的开源Android应用程序的安全相关问题。我们的研究包括从分布在2187个应用程序上的111,224个提交中识别出的689个安全相关提交。我们提出了一个安全问题的十种不同类别的分类法，我们使用卡片分类技术来识别它们。我们的研究结果显示，权限问题在我们的数据集中最为普遍(370个，53.7%)，其次是登录问题(160个，23.22%)。隐私(5.0.72%)和框架(3.0.43%)等问题在我们的数据集中很少见。这些初步的发现可以作为从开发人员和研究人员的角度理解主要安全问题的第一步。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 27th International Conference on Evaluation and Assessment in Software Engineering

自引率

0.00%

发文量