IEICE Transactions on Information and Systems
Online ISSN : 1745-1361
Print ISSN : 0916-8532
Special Section on Security, Privacy, Anonymity and Trust in Cyberspace Computing and Communications
Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library
Takuya WATANABEMitsuaki AKIYAMAFumihiro KANEIEitaro SHIOJIYuta TAKATABo SUNYuta ISHIIToshiki SHIBAHARATakeshi YAGITatsuya MORI
Author information
Keywords: mobile app, software library, vulnerability
JOURNAL FREE ACCESS

2020 Volume E103.D Issue 2 Pages 276-291

Details
Download PDF (1744K)
Download citation RIS

(compatible with EndNote, Reference Manager, ProCite, RefWorks)

BIB TEX

(compatible with BibDesk, LaTeX)

Text
How to download citation
Contact us
Abstract

This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.

Content from these authors
© 2020 The Institute of Electronics, Information and Communication Engineers
Previous article Next article
Favorites & Alerts

Recently viewed articles
Announcements from publisher
Share this page
feedback
 Top