On the Evolution of Security Issues in Android App Versions

Kalysch A, Schilling J, Müller T (2020)


Publication Language: English

Publication Type: Book chapter / Article in edited volumes

Publication year: 2020

Publisher: Springer Nature Switzerland AG

Edited Volumes: ACNS: International Conference on Applied Cryptography and Network Security

Series: Lecture Notes in Computer Science

City/Town: Cham, Switzerland

Pages Range: 523 - 541

ISBN: 978-3-030-61637-3

URI: https://link.springer.com/chapter/10.1007/978-3-030-61638-0_29

DOI: 10.1007/978-3-030-61638-0_29

Abstract

Since its launch in 2008, the Android platform has seen a lot of development and improvements to this day. Android developer studios had to refine their understanding and available codebases considerably in the past decade since Android’s conception. For example, they had to handle monumental changes in the OS, like the introduction of ART or the continually evolving permission system. With this study, we look into the code-base of 1,250 apps from 57 different development studios and analyze the evolution of security-related issues in past versions of an app. To analyze a total of 11,002 APKs, we build on popular vulnerability assessment tools like QARK and drozer and extend them with our own security checks. We discover that the attack surface of an app usually grows over time, including issues that are open for a long time or remain unclosed. Considering the false positive rate of automated vulnerability scanners like QARK or drozer, the total number of vulnerabilities in an app must be taken with care, but nevertheless our study substantiates that the number of security issues typically grows with code complexity and size, rather than shrinking over time.

How to cite

APA:

Kalysch, A., Schilling, J., & Müller, T. (2020). On the Evolution of Security Issues in Android App Versions. In Jianying Zhou, Mauro Conti, Chuadhry Mujeeb Ahmed, Man Ho Au, Lejla Batina, Zhou Li, Jingqiang Lin, Eleonora Losiouk, Bo Luo, Suryadipta Majumdar, Weizhi Meng, Martín Ochoa, Stjepan Picek, Georgios Portokalidis, Cong Wang, Kehuan Zhang (Eds.), ACNS: International Conference on Applied Cryptography and Network Security. (pp. 523 - 541). Cham, Switzerland: Springer Nature Switzerland AG.

MLA:

Kalysch, Anatoli, Joschua Schilling, and Tilo Müller. "On the Evolution of Security Issues in Android App Versions." ACNS: International Conference on Applied Cryptography and Network Security. Ed. Jianying Zhou, Mauro Conti, Chuadhry Mujeeb Ahmed, Man Ho Au, Lejla Batina, Zhou Li, Jingqiang Lin, Eleonora Losiouk, Bo Luo, Suryadipta Majumdar, Weizhi Meng, Martín Ochoa, Stjepan Picek, Georgios Portokalidis, Cong Wang, Kehuan Zhang, Cham, Switzerland: Springer Nature Switzerland AG, 2020. 523 - 541.