Timothy Huo, Ana Catarina Araújo, Jake Imanaka, Anthony Peruma, Rick Kazman
Title: Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow
Venue: arXiv - CS - Software Engineering
Publication date: 2024-09-12
DOI: https://doi.org/arxiv-2409.07926
Citation count: 0
Abstract
The widespread use of smartphones and tablets has made society heavily
reliant on mobile applications (apps) for accessing various resources and
services. These apps often handle sensitive personal, financial, and health
data, making app security a critical concern for developers. While there is
extensive research on software security topics like malware and
vulnerabilities, less is known about the practical security challenges mobile
app developers face and the guidance they seek. In this study, we mine
Stack Overflow for questions on mobile app security, which we analyze using
quantitative and qualitative techniques. The findings reveal that Stack
Overflow is a major resource for developers seeking help with mobile app
security, especially for Android apps, and identify seven main categories of
security questions: Secured Communications, Database, App Distribution Service,
Encryption, Permissions, File-Specific, and General Security. Insights from
this research can inform the development of tools, techniques, and resources by
the research and vendor community to better support developers in securing
their mobile apps.