Vulnerability Evaluation Method through Correlation Analysis of Android Applications

Yeom, Cheolmin; Won, Young-Shin

doi:10.3390/su11236637

Cited by 1 publication

(1 citation statement)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most of these features are of (i) numeric (i.e., Description Length, Photos, APK Size, Average Rating, Number of Raters and Number of Permissions), (ii) nominal (i.e., Play Store Category and Number of Installs), or (iii) boolean (i.e., Contains Ads, In App Purchase, and each specific Permission in the list) types. Note that, while the relationships between the individual features in Table 2 and security risks have been extensively studied in prior research [29,51,92,95,97], we leverage findings from these previous studies for selecting significant features to train machine learning algorithms.…”

Section: Photosmentioning

confidence: 99%

Exposed! A case study on the vulnerability-proneness of Google Play Apps

Sorbo

Panichella

2021

Empir Software Eng

View full text Add to dashboard Cite

Mobile applications are used for accomplishing everyday life activities, such as shopping, banking, and social communications. To leverage the features of mobile apps, users often need to share sensitive information. However, recent research demonstrated that most of such apps present critical security and privacy defects. In this context, we define as vulnerabilityproneness the risk level(s) that users meet in downloading specific apps, to better understand whether (1) users select apps with lower risk levels and if (2) vulnerability-proneness of an app might affect its success. We use as proxy to measure such risk level the "number of different types of potential security issues exhibited by the app". We conjecture that the vulnerabilityproneness levels may vary based on (i) the types of data handled by the app, and (ii) the operations for which the app is supposed to be used. Hence, we investigate how the vulnerability-proneness of apps varies when observing (i) different app categories, and (ii) apps with different success levels. Finally, to increase the awareness of both users and developers on the vulnerabilityproneness of apps, we evaluate the extent to which contextual information provided by the app market can be exploited to estimate the vulnerabilityproneness levels of mobile apps. Results of our study show that apps in the Medical category exhibit the lowest levels of vulnerability-proneness. Besides, while no strong relations between vulnerability-proneness and average rating are observed, apps with a higher number of downloads tend to have higher vulnerability-proneness levels, but lower vulnerability-proneness density. Fi-* Corresponding author.

show abstract