Taxonomy of Security-related Issues in Android Apps: An Empirical Study
Nowadays, smart applications (apps) have become the primary means of obtaining digital services in many aspects of our daily lives, such as health care, e-banking, and online shopping. With the growing number of smart apps being created, the likelihood of security vulnerabilities has increased significantly. Smartphone developers remain vigilant about security concerns during the development, installation, and maintenance of their mobile apps. This research paper presents a large-scale study that empirically examines critical security issues in open-source Android apps obtained from GitHub. We analyzed a total of 111,224 commits across 2,187 apps and identified 689 commits that were explicitly related to security issues. Additionally, we used the card-sorting approach to construct a taxonomy/catalogue of ten distinct categories of security-related issues. According to our findings, the most frequent security-related problem in our dataset was related to permission issues, accounting for 370 instances (53.7%), followed by Login, with 160 instances (23.22%). On the other hand, Privacy and Framework issues were less frequent, with only 5 (0.72%) and 3 (0.43%) instances, respectively, in our dataset. Moreover, our taxonomy also comprises 71 sub-categories/sub-themes, with permission issues having the highest number of sub-categories (23) and Framework issues the lowest (2). In their code commits, developers discussed permission sub-categories such as camera permission, WiFi permission, storage permission, WRITE/READ_PHONE_STATE permission, and location permission, among others. The insights gained from our study provide a foundation for understanding the primary security concerns from the viewpoints of both researchers and software practitioners.
Mon 28 Oct (times shown in Pacific Time, US & Canada)
11:40, 20-minute talk, RENE workshop track: Taxonomy of Security-related Issues in Android Apps: An Empirical Study. Teerath Das (University of Jyväskylä), Adam Ali (Mohammad Ali Jinnah University), Tommi Mikkonen (University of Jyväskylä).