5,649 research outputs found
Longitudinal Analysis of Android Ad Library Permissions
This paper investigates changes over time in the behavior of Android ad
libraries. Taking a sample of 100,000 apps, we extract and classify the ad
libraries. By considering the release dates of the applications that use a
specific ad library version, we estimate the release date for the library, and
thus build a chronological map of the permissions used by various ad libraries
over time. We find that the use of most permissions has increased over the last
several years, and that more libraries are able to use permissions that pose
particular risks to user privacy and security.Comment: Most 201
Comprehension of Ads-supported and Paid Android Applications: Are They Different?
The Android market is a place where developers offer paid and-or free apps to
users. Free apps are interesting to users because they can try them immediately
without incurring a monetary cost. However, free apps often have limited
features and-or contain ads when compared to their paid counterparts. Thus,
users may eventually need to pay to get additional features and-or remove ads.
While paid apps have clear market values, their ads-supported versions are not
entirely free because ads have an impact on performance.
In this paper, first, we perform an exploratory study about ads-supported and
paid apps to understand their differences in terms of implementation and
development process. We analyze 40 Android apps and we observe that (i)
ads-supported apps are preferred by users although paid apps have a better
rating, (ii) developers do not usually offer a paid app without a corresponding
free version, (iii) ads-supported apps usually have more releases and are
released more often than their corresponding paid versions, (iv) there is no a
clear strategy about the way developers set prices of paid apps, (v) paid apps
do not usually include more functionalities than their corresponding
ads-supported versions, (vi) developers do not always remove ad networks in
paid versions of their ads-supported apps, and (vii) paid apps require less
permissions than ads-supported apps. Second, we carry out an experimental study
to compare the performance of ads-supported and paid apps and we propose four
equations to estimate the cost of ads-supported apps. We obtain that (i)
ads-supported apps use more resources than their corresponding paid versions
with statistically significant differences and (ii) paid apps could be
considered a most cost-effective choice for users because their cost can be
amortized in a short period of time, depending on their usage.Comment: Accepted for publication in the proceedings of the IEEE International
Conference on Program Comprehension 201
A survey of app store analysis for software engineering
App Store Analysis studies information about applications obtained from app stores. App stores provide a wealth of information derived from users that would not exist had the applications been distributed via previous software deployment methods. App Store Analysis combines this non-technical information with technical information to learn trends and behaviours within these forms of software repositories. Findings from App Store Analysis have a direct and actionable impact on the software teams that develop software for app stores, and have led to techniques for requirements engineering, release planning, software design, security and testing. This survey describes and compares the areas of research that have been explored thus far, drawing out common aspects, trends and directions future research should take to address open problems and challenges
Improving Android app security and privacy with developers
Existing research has uncovered many security vulnerabilities in Android applications (apps) caused by inexperienced, and unmotivated developers. Especially, the lack of tool support makes it hard for developers to avoid common security and privacy problems in Android apps. As a result, this leads to apps with security vulnerability that exposes end users to a multitude of attacks. This thesis presents a line of work that studies and supports Android developers in writing more secure code. We first studied to which extent tool support can help developers in creating more secure applications. To this end, we developed and evaluated an Android Studio extension that identifies common security problems of Android apps, and provides developers suggestions to more secure alternatives. Subsequently, we focused on the issue of outdated third-party libraries in apps which also is the root cause for a variety of security vulnerabilities. Therefore, we analyzed all popular 3rd party libraries in the Android ecosystem, and provided developers feedback and guidance in the form of tool support in their development environment to fix such security problems. In the second part of this thesis, we empirically studied and measured the impact of user reviews on app security and privacy evolution. Thus, we built a review classifier to identify security and privacy related reviews and performed regression analysis to measure their impact on the evolution of security and privacy in Android apps. Based on our results we proposed several suggestions to improve the security and privacy of Android apps by leveraging user feedbacks to create incentives for developers to improve their apps toward better versions.Die bisherige Forschung zeigt eine Vielzahl von Sicherheitslücken in Android-Applikationen auf, welche sich auf unerfahrene und unmotivierte Entwickler zurückführen lassen. Insbesondere ein Mangel an Unterstützung durch Tools erschwert es den Entwicklern, häufig auftretende Sicherheits- und Datenschutzprobleme in Android Apps zu vermeiden. Als Folge führt dies zu Apps mit Sicherheitsschwachstellen, die Benutzer einer Vielzahl von Angriffen aussetzen. Diese Dissertation präsentiert eine Reihe von Forschungsarbeiten, die Android-Entwickler bei der Entwicklung von sichereren Apps untersucht und unterstützt. In einem ersten Schritt untersuchten wir, inwieweit die Tool-Unterstützung Entwicklern beim Schreiben von sicherem Code helfen kann. Zu diesem Zweck entwickelten und evaluierten wir eine Android Studio-Erweiterung, die gängige Sicherheitsprobleme von Android-Apps identifiziert und Entwicklern Vorschläge für sicherere Alternativen bietet. Daran anknüpfend, konzentrierten wir uns auf das Problem veralteter Bibliotheken von Drittanbietern in Apps, die ebenfalls häufig die Ursache von Sicherheitslücken sein können. Hierzu analysierten wir alle gängigen 3rd-Party-Bibliotheken im Android-Ökosystem und gaben den Entwicklern Feedback und Anleitung in Form von Tool-Unterstützung in ihrer Entwicklungsumgebung, um solche Sicherheitsprobleme zu beheben. Im zweiten Teil dieser Dissertation untersuchten wir empirisch die Auswirkungen von Benutzer-Reviews im Android Appstore auf die Entwicklung der Sicherheit und des Datenschutzes von Apps. Zu diesem Zweck entwickelten wir einen Review-Klassifikator, welcher in der Lage ist sicherheits- und datenschutzbezogene Reviews zu identifizieren. Nachfolgend untersuchten wir den Einfluss solcher Reviews auf die Entwicklung der Sicherheit und des Datenschutzes in Android-Apps mithilfe einer Regressionsanalyse. Basierend auf unseren Ergebnissen präsentieren wir verschiedene Vorschläge zur Verbesserung der Sicherheit und des Datenschutzes von Android-Apps, welche die Reviews der Benutzer zur Schaffung von Anreizen für Entwickler nutzen
- …