ASE 2024
Sun 27 October - Fri 1 November 2024 Sacramento, California, United States
Mon 28 Oct 2024 11:40 - 12:00 at Carr - RENE Track Session

Nowadays, smart applications (apps) have become the primary means of obtaining digital services in many aspects of our daily lives, such as health care, e-banking, and online shopping. With the growing number of smart apps being created, the likelihood of security vulnerabilities has increased significantly. Smartphone developers remain vigilant about security concerns during the development, installation, and maintenance of their mobile apps. This research paper presents a large-scale study aimed at empirically examining critical security issues in open-source Android apps obtained from GitHub. We analyzed a total of 111,224 commits across 2,187 apps and identified 689 commits that were explicitly related to security issues. Additionally, we utilized the card-sorting approach to construct a taxonomy/catalogue of ten distinct categories of security-related issues. According to our findings, the most frequent security-related problem in our dataset was related to permission issues, accounting for 370 instances (53.7%), followed by Login, with 160 instances, representing 23.22%. On the other hand, Privacy and Framework issues were less frequent, with only 5 (0.72%) and 3 (0.43%) instances, respectively, in our dataset. Moreover, our taxonomy also included 71 sub-categories/sub-themes, with permission issues having the highest number of sub-categories (23) and Framework issues the lowest (2). Developers discussed permission sub-categories, such as camera permission, WiFi permissions, storage permission, WRITE/READ_PHONE_STATE permission, and location permission, among others, in their code commits. The insights gained from our study provide a foundation for comprehending the primary security concerns from the viewpoints of both researchers and software practitioners.

Mon 28 Oct

Displayed time zone: Pacific Time (US & Canada)

10:30 - 12:00
RENE Track Session [Workshop] RENE at Carr
10:30
10m
Talk
Automatic Generation of Logical Specifications for Behavioural Models
[Workshop] RENE
Radoslaw Klimek AGH University of Krakow, Julia Witek AGH University of Krakow
10:40
20m
Talk
Group Discussion
[Workshop] RENE

11:00
20m
Talk
MorphQ++: A Reproducibility Study of Metamorphic Testing on Quantum Compilers
[Workshop] RENE
Linsey Kitt Iowa State University, Myra Cohen Iowa State University
11:20
20m
Day opening
RENE Track Opening Session
[Workshop] RENE

11:40
20m
Talk
Taxonomy of Security-related Issues in Android Apps: An Empirical Study
[Workshop] RENE
Teerath Das University of Jyväskylä, Adam Ali Mohammad Ali Jinnah University, Tommi Mikkonen University of Jyväskylä