Kalysch A, Schilling J, Müller T (2020)
Publication Language: English
Publication Type: Book chapter / Article in edited volumes
Publication year: 2020
Publisher: Springer Nature Switzerland AG
Edited Volumes: ACNS: International Conference on Applied Cryptography and Network Security
Series: Lecture Notes in Computer Science
City/Town: Cham, Switzerland
Pages Range: 523 - 541
ISBN: 978-3-030-61637-3
URI: https://link.springer.com/chapter/10.1007/978-3-030-61638-0_29
DOI: 10.1007/978-3-030-61638-0_29
Since its launch in 2008, the Android platform has seen a lot of development and improvements to this day. Android developer studios had to refine their understanding and available codebases considerably in the past decade since Android’s conception. For example, they had to handle monumental changes in the OS, like the introduction of ART or the continually evolving permission system. With this study, we look into the code-base of 1,250 apps from 57 different development studios and analyze the evolution of security-related issues in past versions of an app. To analyze a total of 11,002 APKs, we build on popular vulnerability assessment tools like QARK and drozer and extend them with our own security checks. We discover that the attack surface of an app usually grows over time, including issues that are open for a long time or remain unclosed. Considering the false positive rate of automated vulnerability scanners like QARK or drozer, the total number of vulnerabilities in an app must be taken with care, but nevertheless our study substantiates that the number of security issues typically grows with code complexity and size, rather than shrinking over time.
APA:
Kalysch, A., Schilling, J., & Müller, T. (2020). On the Evolution of Security Issues in Android App Versions. In Jianying Zhou, Mauro Conti, Chuadhry Mujeeb Ahmed, Man Ho Au, Lejla Batina, Zhou Li, Jingqiang Lin, Eleonora Losiouk, Bo Luo, Suryadipta Majumdar, Weizhi Meng, Martín Ochoa, Stjepan Picek, Georgios Portokalidis, Cong Wang, Kehuan Zhang (Eds.), ACNS: International Conference on Applied Cryptography and Network Security. (pp. 523 - 541). Cham, Switzerland: Springer Nature Switzerland AG.
MLA:
Kalysch, Anatoli, Joschua Schilling, and Tilo Müller. "On the Evolution of Security Issues in Android App Versions." ACNS: International Conference on Applied Cryptography and Network Security. Ed. Jianying Zhou, Mauro Conti, Chuadhry Mujeeb Ahmed, Man Ho Au, Lejla Batina, Zhou Li, Jingqiang Lin, Eleonora Losiouk, Bo Luo, Suryadipta Majumdar, Weizhi Meng, Martín Ochoa, Stjepan Picek, Georgios Portokalidis, Cong Wang, Kehuan Zhang, Cham, Switzerland: Springer Nature Switzerland AG, 2020. 523 - 541.