Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library

Takuya WATANABE, Mitsuaki AKIYAMA, Fumihiro KANEI, Eitaro SHIOJI, Yuta TAKATA, Bo SUN, Yuta ISHII, Toshiki SHIBAHARA, Takeshi YAGI, Tatsuya MORI

Summary:

This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.

Publication
IEICE TRANSACTIONS on Information Vol.E103-D No.2 pp.276-291
Publication Date
2020/02/01
Publicized
2019/11/22
Online ISSN
1745-1361
DOI
10.1587/transinf.2019INP0011
Type of Manuscript
Special Section PAPER (Special Section on Security, Privacy, Anonymity and Trust in Cyberspace Computing and Communications)
Category
Network Security

Authors

Takuya WATANABE
  NTT Secure Platform Laboratories, Waseda University
Mitsuaki AKIYAMA
  NTT Secure Platform Laboratories
Fumihiro KANEI
  NTT Secure Platform Laboratories
Eitaro SHIOJI
  NTT Secure Platform Laboratories
Yuta TAKATA
  PwC Cyber Services LLC
Bo SUN
  National Institute of Information and Communications Technology
Yuta ISHII
  NTT Secure Platform Laboratories
Toshiki SHIBAHARA
  NTT Security (Japan) KK
Takeshi YAGI
  Waseda University
Tatsuya MORI
