poster

On vulnerability evolution in Android apps

Authors:

Jun Gao,

Li Li,

Pingfan Kong,

Tegawendé F. Bissyandé,

Jacques KleinAuthors Info & Claims

ICSE '18: Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings

Pages 276 - 277

https://doi.org/10.1145/3183440.3194968

Published: 27 May 2018 Publication History

Get Access

Abstract

In this work, we reconstruct a set of Android app lineages which each of them represents a sequence of app versions that are historically released for the same app. Then, based on these lineages, we empirically investigate the evolution of app vulnerabilities, which are revealed by well-known vulnerability scanners, and subsequently summarise various interesting findings that constitute a tangible knowledge to the community.

References

[1]

Li Li, Tegawendé F Bissyandé, Mike Papadakis, Siegfried Rasthofer, Alexandre Bartel, Damien Octeau, Jacques Klein, and Yves Le Traon. Static analysis of android apps: A systematic literature review. Information and Software Technology, 2017.

Digital Library

Google Scholar

[2]

Li Li, Alexandre Bartel, Tegawendé F Bissyandé, Jacques Klein, Yves Le Traon, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Damien Octeau, and Patrick McDaniel. Iccta: Detecting inter-component privacy leaks in android apps. In Proc. of the 37th Intl. Conference on Software Engineering-Volume 1, pages 280--291. IEEE Press, 2015.

Digital Library

Google Scholar

[3]

Meng Xu, Chengyu Song, Yang Ji, Ming-Wei Shih, Kangjie Lu, Cong Zheng, Ruian Duan, Yeongjin Jang, Byoungyoung Lee, Chenxiong Qian, et al. Toward engineering a secure android ecosystem: A survey of existing techniques. ACM Computing Surveys (CSUR), 49(2):38, 2016.

Digital Library

Google Scholar

[4]

Vincent F Taylor and Ivan Martinovic. To update or not to update: Insights from a two-year study of android app evolution. In Proc. of the 2017 ACM on Asia Conference on Computer and Communications Security, pages 45--57. ACM, 2017.

Digital Library

Google Scholar

[5]

Li Li, Tegawendé F Bissyandé, Yves Le Traon, and Jacques Klein. Accessing inaccessible android apis: An empirical study. In The 32nd Intl. Conference on Software Maintenance and Evolution (ICSME 2016), 2016.

Crossref

Google Scholar

[6]

Li Li, Jun Gao, Médéric Hurier, Pingfan Kong, Tegawendé F Bissyandé, Alexandre Bartel, Jacques Klein, and Yves Le Traon. Androzoo++: Collecting millions of android apps and their metadata for the research community. arXiv preprint arXiv.1709.05281, 2017.

Google Scholar

[7]

Steven Arzt, Siegfried Rasthofer, Christian Fritz, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves Le Traon, Damien Octeau, and Patrick McDaniel. Flowdroid: Precise context, flow, field, object-sensitive and life cycle-aware taint analysis for android apps. Acm Sigplan Notices, 49(6):259--269, 2014.

Digital Library

Google Scholar

[8]

Yu-Cheng Lin. Androbugs framework: An android application security vulnerability scanner. In Blackhat Europe 2015, 2015.

Google Scholar

[9]

Damien Octeau, Daniel Luchaup, Matthew Dering, Somesh Jha, and Patrick McDaniel. Composite constant propagation: Application to android inter-component communication analysis. In Proc. of the 37th Intl. Conference on Software Engineering-Volume 1, pages 77--88. IEEE Press, 2015.

Digital Library

Google Scholar

Cited By

View all

Xiang XJiang YGuo QZhang XGong XLiu B(2023)AppChainer: investigating the chainability among payloads in android applicationsCybersecurity10.1186/s42400-023-00151-26:1Online publication date: 2-Aug-2023
https://doi.org/10.1186/s42400-023-00151-2
Li LGao JBissyandé TMa LXia XKlein J(2020)CDA: Characterising Deprecated Android APIsEmpirical Software Engineering10.1007/s10664-019-09764-z25:3(2058-2098)Online publication date: 1-May-2020
https://dl.acm.org/doi/10.1007/s10664-019-09764-z
Wang HLi HGuo Y(2019)Understanding the Evolution of Mobile App Ecosystems: A Longitudinal Measurement Study of Google PlayThe World Wide Web Conference10.1145/3308558.3313611(1988-1999)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3308558.3313611
Show More Cited By

Recommendations

Supporting evolution and maintenance of Android apps
ICSE Companion 2014: Companion Proceedings of the 36th International Conference on Software Engineering

In recent years, the market of mobile software applications (apps) has maintained an impressive upward trajectory. As of today, the market for such devices features over 850K+ apps for Android, and 19 versions of the Android API have been released in 4 ...
Pro Android Web Apps: Develop for Android using HTML5, CSS3 & JavaScript
Analyzing GUI running fluency for Android apps
MSCC '16: Proceedings of the 3rd ACM Workshop on Mobile Sensing, Computing and Communication

Android as a free open platform has become increasingly popular and been widespread adopted in mobile, tablet, and other devices. However, a great number of issues, such as inadequate quality and the fragmentation phenomenon, have emerged, enhancing the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICSE '18: Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings

May 2018

231 pages

ISBN:9781450356633

DOI:10.1145/3183440

Conference Chair:
Michel Chaudron
Chalmers University of Technology, University of Gothenburg, Sweden
,
General Chair:
Ivica Crnkovic
Chalmers University of Technology, University of Gothenburg, Sweden
,
Program Chairs:
Marsha Chechik
University of Toronto, Canada
,
Mark Harman
Facebook and University College London, United Kingdom

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 May 2018

Check for updates

Qualifiers

Poster

Funding Sources

Conference

ICSE '18

Sponsor:

SIGSOFT
IEEE-CS

ICSE '18: 40th International Conference on Software Engineering

May 27 - June 3, 2018

Gothenburg, Sweden

Acceptance Rates

Overall Acceptance Rate 276 of 1,856 submissions, 15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
225
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Xiang XJiang YGuo QZhang XGong XLiu B(2023)AppChainer: investigating the chainability among payloads in android applicationsCybersecurity10.1186/s42400-023-00151-26:1Online publication date: 2-Aug-2023
https://doi.org/10.1186/s42400-023-00151-2
Li LGao JBissyandé TMa LXia XKlein J(2020)CDA: Characterising Deprecated Android APIsEmpirical Software Engineering10.1007/s10664-019-09764-z25:3(2058-2098)Online publication date: 1-May-2020
https://dl.acm.org/doi/10.1007/s10664-019-09764-z
Wang HLi HGuo Y(2019)Understanding the Evolution of Mobile App Ecosystems: A Longitudinal Measurement Study of Google PlayThe World Wide Web Conference10.1145/3308558.3313611(1988-1999)Online publication date: 13-May-2019
https://dl.acm.org/doi/10.1145/3308558.3313611
Kong PLi LGao JBissyandé TKlein JZhang DMøller A(2019)Mining Android crash fixes in the absence of issue- and change-tracking systemsProceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3293882.3330572(78-89)Online publication date: 10-Jul-2019
https://dl.acm.org/doi/10.1145/3293882.3330572
Gao JKong PLi LBissyandé TKlein JStorey MAdams BHaiduc S(2019)Negative results on mining crypto-API usage rules in Android appsProceedings of the 16th International Conference on Mining Software Repositories10.1109/MSR.2019.00065(388-398)Online publication date: 26-May-2019
https://dl.acm.org/doi/10.1109/MSR.2019.00065
Gao JLi LBissyande TKlein J(2019)On the Evolution of Mobile App Complexity2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS)10.1109/ICECCS.2019.00029(200-209)Online publication date: Nov-2019
https://doi.org/10.1109/ICECCS.2019.00029
Li LBissyandé TWang HKlein J(2019)On Identifying and Explaining Similarities in Android AppsJournal of Computer Science and Technology10.1007/s11390-019-1918-834:2(437-455)Online publication date: 22-Mar-2019
https://doi.org/10.1007/s11390-019-1918-8
Wang HLi HLi LGuo YXu GZaidman AKamei YHill E(2018)Why are Android apps removed from Google Play?Proceedings of the 15th International Conference on Mining Software Repositories10.1145/3196398.3196412(231-242)Online publication date: 28-May-2018
https://dl.acm.org/doi/10.1145/3196398.3196412

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Recommendations

Supporting evolution and maintenance of Android apps

Pro Android Web Apps: Develop for Android using HTML5, CSS3 & JavaScript

Analyzing GUI running fluency for Android apps