Security vulnerabilities in android applications

Montealegre, Crischell; Njuguna, Charles Rubia; Malik, Muhammad Imran; Hannay, Peter; McAteer, Ian Noel

doi:10.25958/5c5274d466691

Cited by 1 publication

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To each detected vulnerability a severity score (e.g., Critical in Listing 1) and a type (e.g., Runtime Command Checking in Listing 1) is assigned. It is worth noticing that we only collected vulnerabilities which are marked as Critical, Warning, or Notice by AndroBugs, as vulnerabilities with a Info categorization indicate that the specific issue was not found on the specific apk [59]. Some of the potential security weaknesses that the AndroBugs static analyzer is able to detect are related to: (i) SSL connections, implementation and certificate validation, (ii) WebView-and Fragment-related vulnerabilities, (iii) implicit intents, (iv) data storage, (v) KeyStore protection, (vi) Android Manifest settings, and (vii) entry points for command injection.…”

Section: Context Selection and Dataset Constructionmentioning

confidence: 99%

Exposed! A case study on the vulnerability-proneness of Google Play Apps

Sorbo

Panichella

2021

Empir Software Eng

View full text Add to dashboard Cite

Mobile applications are used for accomplishing everyday life activities, such as shopping, banking, and social communications. To leverage the features of mobile apps, users often need to share sensitive information. However, recent research demonstrated that most of such apps present critical security and privacy defects. In this context, we define as vulnerabilityproneness the risk level(s) that users meet in downloading specific apps, to better understand whether (1) users select apps with lower risk levels and if (2) vulnerability-proneness of an app might affect its success. We use as proxy to measure such risk level the "number of different types of potential security issues exhibited by the app". We conjecture that the vulnerabilityproneness levels may vary based on (i) the types of data handled by the app, and (ii) the operations for which the app is supposed to be used. Hence, we investigate how the vulnerability-proneness of apps varies when observing (i) different app categories, and (ii) apps with different success levels. Finally, to increase the awareness of both users and developers on the vulnerabilityproneness of apps, we evaluate the extent to which contextual information provided by the app market can be exploited to estimate the vulnerabilityproneness levels of mobile apps. Results of our study show that apps in the Medical category exhibit the lowest levels of vulnerability-proneness. Besides, while no strong relations between vulnerability-proneness and average rating are observed, apps with a higher number of downloads tend to have higher vulnerability-proneness levels, but lower vulnerability-proneness density. Fi-* Corresponding author.

show abstract

Section: Context Selection and Dataset Constructionmentioning

confidence: 99%