SwiftDependencyChecker: Detecting Vulnerable Dependencies Declared Through CocoaPods, Carthage and Swift PM (MOBILESoft 2022 - Tool Demos and Mobile Apps)

Who

Kristiina Rahkema, Dietmar Pfahl

Track

MOBILESoft 2022 Tool Demos and Mobile Apps

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Wed 18 May 2022 10:00 - 10:13 at MOBILESoft room - Session 5: Mobile App Qualit and Third-party Software + Closing Chair(s): Leonardo Mariani, Ali Ouni

Abstract

Vulnerable versions of third party libraries can remain a threat even after a security fix has been published. Developers are hesitant to update dependencies and could unknowingly depend on an outdated vulnerable library version. We developed SwiftDependencyChecker to make data from public vulnerability databases more accessible to Swift developers. SwiftDependencyChecker analyses dependencies declared through CocoaPods, Carthage and Swift PM, queries the NVD database, and shows warnings for used vulnerable library versions in Xcode. Preliminary evaluation of the tool showed that the vulnerability analysis is effective. General feedback from independent developers was encouraging with some improvement potential on performance for the initial analysis of a project.

Link to Preprint

https://drive.google.com/file/d/1zZUZplpSoFvpGcsCWDMvJpQXHuzSEnUd/view?usp=sharing

Kristiina Rahkema

University of Tartu

Estonia

Dietmar Pfahl

University of Tartu

Estonia

Video

Time Zone

The program is currently displayed in (GMT-04:00) Eastern Time (US & Canada).

Use conference time zone: (GMT-04:00) Eastern Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Wed 18 May
Displayed time zone: Eastern Time (US & Canada) change

10:00 - 11:30	Session 5: Mobile App Qualit and Third-party Software + ClosingTechnical Papers / Plenary / Student Research Competition / Tool Demos and Mobile Apps at MOBILESoft room Chair(s): Leonardo Mariani University of Milano-Bicocca, Ali Ouni ETS Montreal, University of Quebec

10:00 13m Paper		SwiftDependencyChecker: Detecting Vulnerable Dependencies Declared Through CocoaPods, Carthage and Swift PM Tool Demos and Mobile Apps Kristiina Rahkema University of Tartu, Dietmar Pfahl University of Tartu Pre-print Media Attached
10:13 8m Paper		Mobile GUI test script generation from natural language descriptions using pre-trained model Student Research Competition Chun Li Nanjing University
10:21 20m Paper		An empirical study of privacy labels on the Apple iOS mobile app store Technical Papers Gian Luca Scoccia University of L'Aquila, Marco Autili University of L'Aquila, Italy, Giovanni Stilo , Paola Inverardi University of L'Aquila Pre-print
10:41 20m Paper		Adoption of Third-party Libraries in Mobile Apps: A Case Study on Open-source Android Applications Technical Papers Aidan Polese , Yuan Tian Queens University, Kingston, Canada, Safwat Hassan Thompson Rivers University Pre-print
11:01 19m Other		Breakout rooms with the authors Plenary
11:20 10m Day closing		MOBILESoft Closing Plenary Leonardo Mariani University of Milano-Bicocca, Gemma Catolino Tilburg University & Jheronimus Academy of Data Science, Mei Nagappan University of Waterloo

Information for Participants

Wed 18 May 2022 10:00 - 11:30 at MOBILESoft room - Session 5: Mobile App Qualit and Third-party Software + Closing Chair(s): Leonardo Mariani, Ali Ouni

Info for room MOBILESoft room:

Click here to go to the room on Midspace