Short Paper: A Longitudinal Study of Financial Apps in the Google Play Store

Taylor, Vincent; Martinovic, Ivan

doi:10.1007/978-3-319-70972-7_16

Cited by 9 publications

(4 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some existing longitudinal studies use static analysis to study how apps across several categories [54], and finance apps in particular [53], change over time in terms of permission requests and security features and vulnerabilities, including HTTP(S) usage. Similarly, Book et al conduct a longitudinal analysis of ad libraries [15], but they focus only on permission usage.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions

Ren

Lindorfer

Dubois

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Is mobile privacy getting better or worse over time? In this paper, we address this question by studying privacy leaks from historical and current versions of 512 popular Android apps, covering 7,665 app releases over 8 years of app version history. Through automated and scripted interaction with apps and analysis of the network traffic they generate on real mobile devices, we identify how privacy changes over time for individual apps and in aggregate. We find several trends that include increased collection of personally identifiable information (PII) across app versions, slow adoption of HTTPS to secure the information sent to other parties, and a large number of third parties being able to link user activity and locations across apps. Interestingly, while privacy is getting worse in aggregate, we find that the privacy risk of individual apps varies greatly over time, and a substantial fraction of apps see little change or even improvement in privacy. Given these trends, we propose metrics for quantifying privacy risk and for providing this risk assessment proactively to help users balance the risks and benefits of installing new versions of apps.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Moreover, most existing longitudinal studies infer privacy risks by using static analysis to monitor library usage and permission requests [12], [15], [53], [54]. In contrast, we detect actual PII transmitted in network traffic to other parties while an app is used.…”

Section: Introductionmentioning

confidence: 99%

Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions

Ren

Lindorfer

Dubois

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Complementary to what reported also by Gartner, recent research [5,80], conducted on popular apps handling sensitive user data (i.e., Financial and Health apps), demonstrated that the vast majority of mobile apps tend to suffer from security and/or privacy issues.…”

Section: Introductionmentioning

confidence: 65%

Exposed! A case study on the vulnerability-proneness of Google Play Apps

Sorbo

Panichella

2021

Empir Software Eng

View full text Add to dashboard Cite

Mobile applications are used for accomplishing everyday life activities, such as shopping, banking, and social communications. To leverage the features of mobile apps, users often need to share sensitive information. However, recent research demonstrated that most of such apps present critical security and privacy defects. In this context, we define as vulnerabilityproneness the risk level(s) that users meet in downloading specific apps, to better understand whether (1) users select apps with lower risk levels and if (2) vulnerability-proneness of an app might affect its success. We use as proxy to measure such risk level the "number of different types of potential security issues exhibited by the app". We conjecture that the vulnerabilityproneness levels may vary based on (i) the types of data handled by the app, and (ii) the operations for which the app is supposed to be used. Hence, we investigate how the vulnerability-proneness of apps varies when observing (i) different app categories, and (ii) apps with different success levels. Finally, to increase the awareness of both users and developers on the vulnerabilityproneness of apps, we evaluate the extent to which contextual information provided by the app market can be exploited to estimate the vulnerabilityproneness levels of mobile apps. Results of our study show that apps in the Medical category exhibit the lowest levels of vulnerability-proneness. Besides, while no strong relations between vulnerability-proneness and average rating are observed, apps with a higher number of downloads tend to have higher vulnerability-proneness levels, but lower vulnerability-proneness density. Fi-* Corresponding author.

show abstract

“…Also in 2014, Gorla et al (2014) collected apps and their associated descriptions and automatically verified whether the descriptions actually matched the app behaviors while Qu et al (2014) checked the descriptions against the permission usages. Other works focused on financial apps (Taylor and Martinovic 2017), on app maintenance and prices (Carbunar and Potharaju 2015), on malware (Zhou and Jiang 2012), or on the quality of apps descriptions (Jiang et al 2014).…”

Section: Related Workmentioning

confidence: 99%

A First Look at Android Applications in Google Play related to Covid-19

Samhi¹,

Allix²,

Bissyandé³

et al. 2020

Preprint

View full text Add to dashboard Cite

Due to the convenience of access-on-demand to information and business solutions, mobile apps have become an important asset in the digital world. In the context of the Covid-19 pandemic, app developers have joined the response effort in various ways by releasing apps that target different user bases (e.g., all citizens or journalists), offer different services (e.g., location tracking or diagnostic-aid), provide generic or specialized information, etc. While many apps have raised some concerns by spreading misinformation or even malware, the literature does not yet provide a clear landscape of the different apps that were developed. In this study, we focus on the Android ecosystem and investigate Covid-related Android apps. In a best-effort scenario, we attempt to systematically identify all relevant apps and study their characteristics with the objective to provide a first taxonomy of Covid-related apps, broadening the relevance beyond the implementation of contact tracing. Overall, our study yields a number of empirical insights that contribute to enlarge the knowledge on Covid-related apps: (1) Developer communities contributed rapidly to the Covid-19, with apps released as early as February 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for tracing); (3) Covid-related apps are less complex than standard apps; (4) they generally do not seem to leak sensitive data; (5) in the majority of cases, Covid-related apps are released by entities with past experience on the market, mostly official government entities or public health organizations.

show abstract

Short Paper: A Longitudinal Study of Financial Apps in the Google Play Store

Cited by 9 publications

References 5 publications

Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions

Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions

Exposed! A case study on the vulnerability-proneness of Google Play Apps

A First Look at Android Applications in Google Play related to Covid-19

Contact Info

Product

Resources

About