Chronological Analysis of Source Code Reuse Impact on Android Application Security

抄録

Application developers consider open discussion forum on software development such as question and answer (Q&A) forums to be very important. There are cases where snippets which are partial source code on such forums contains vulnerabilities, and application developers divert snippets without knowing it. Previous works were focused on security-related codes such as a TLS connection, and not on actual vulnerable codes that are used widely. Thus, a time series investigation on the spread of such codes has not been conducted. In this paper, a method that enables the chronological analysis of source code reuse is proposed. By determining source code reuse in applications, we can investigate the context using time information such as the respective publication dates and time, and clarify how many cases are not source code reuse. An evaluation of the proposed method is achieved using large-scale data which includes 527, 249 snippets of source code and 249, 987 applications. The result shows that the appearance rate of applications having the same code as the snippet has increased after the release of the snippet. Furthermore, experiments on extracting vulnerable snippets from all snippets show that vulnerable snippets often have a greater impact than the overall snippet trend.