{"title":"KotlinDetector:了解在Android应用程序中使用Kotlin的含义","authors":"Fadi Mohsen, Loran Oosterhaven, F. Turkmen","doi":"10.1109/MobileSoft52590.2021.00018","DOIUrl":null,"url":null,"abstract":"Java programming language has been long used to develop native Android mobile applications. In the last few years many companies and freelancers have switched into using Kotlin partially or entirely. As such, many projects are released as binaries and employ a mix of Java and Kotlin language constructs. Yet, the true security and privacy implications of this shift have not been thoroughly studied. In this work, a state-of-the-art tool, KotlinDetector, is developed to directly extract any Kotlin presence, percentages, and numerous language features from Android Application Packages (APKs) by performing heuristic pattern scanning and invocation tracing. Our evaluation study shows that the tool is considerably efficient and accurate. We further provide a use case in which the output of the KotlinDetector is combined with the output of an existing vulnerability scanner tool called AndroBugs to infer any security and/or privacy implications.","PeriodicalId":257528,"journal":{"name":"2021 IEEE/ACM 8th International Conference on Mobile Software Engineering and Systems (MobileSoft)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"KotlinDetector: Towards Understanding the Implications of Using Kotlin in Android Applications\",\"authors\":\"Fadi Mohsen, Loran Oosterhaven, F. Turkmen\",\"doi\":\"10.1109/MobileSoft52590.2021.00018\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Java programming language has been long used to develop native Android mobile applications. In the last few years many companies and freelancers have switched into using Kotlin partially or entirely. As such, many projects are released as binaries and employ a mix of Java and Kotlin language constructs. Yet, the true security and privacy implications of this shift have not been thoroughly studied. In this work, a state-of-the-art tool, KotlinDetector, is developed to directly extract any Kotlin presence, percentages, and numerous language features from Android Application Packages (APKs) by performing heuristic pattern scanning and invocation tracing. Our evaluation study shows that the tool is considerably efficient and accurate. We further provide a use case in which the output of the KotlinDetector is combined with the output of an existing vulnerability scanner tool called AndroBugs to infer any security and/or privacy implications.\",\"PeriodicalId\":257528,\"journal\":{\"name\":\"2021 IEEE/ACM 8th International Conference on Mobile Software Engineering and Systems (MobileSoft)\",\"volume\":\"11 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE/ACM 8th International Conference on Mobile Software Engineering and Systems (MobileSoft)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MobileSoft52590.2021.00018\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/ACM 8th International Conference on Mobile Software Engineering and Systems (MobileSoft)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MobileSoft52590.2021.00018","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
KotlinDetector: Towards Understanding the Implications of Using Kotlin in Android Applications
Java programming language has been long used to develop native Android mobile applications. In the last few years many companies and freelancers have switched into using Kotlin partially or entirely. As such, many projects are released as binaries and employ a mix of Java and Kotlin language constructs. Yet, the true security and privacy implications of this shift have not been thoroughly studied. In this work, a state-of-the-art tool, KotlinDetector, is developed to directly extract any Kotlin presence, percentages, and numerous language features from Android Application Packages (APKs) by performing heuristic pattern scanning and invocation tracing. Our evaluation study shows that the tool is considerably efficient and accurate. We further provide a use case in which the output of the KotlinDetector is combined with the output of an existing vulnerability scanner tool called AndroBugs to infer any security and/or privacy implications.