Study on the vulnerabilities of free and paid mobile apps associated with software library

Takuya Watanabe, Mitsuaki Akiyama, Fumihiro Kanei, Eitaro Shioji, Yuta Takata, Bo Sun, Yuta Ishii, Toshiki Shibahara, Takeshi Yagi, Tatsuya Mori

Research output: Contribution to journalArticle

Abstract

This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.

Original languageEnglish
Pages (from-to)276-291
Number of pages16
JournalIEICE Transactions on Information and Systems
VolumeE103D
Issue number2
DOIs
Publication statusPublished - 2020

Keywords

  • Mobile app
  • Software library
  • Vulnerability

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition
  • Electrical and Electronic Engineering
  • Artificial Intelligence

Fingerprint Dive into the research topics of 'Study on the vulnerabilities of free and paid mobile apps associated with software library'. Together they form a unique fingerprint.

  • Cite this

    Watanabe, T., Akiyama, M., Kanei, F., Shioji, E., Takata, Y., Sun, B., Ishii, Y., Shibahara, T., Yagi, T., & Mori, T. (2020). Study on the vulnerabilities of free and paid mobile apps associated with software library. IEICE Transactions on Information and Systems, E103D(2), 276-291. https://doi.org/10.1587/transinf.2019INP0011