Understanding the responsiveness of mobile app developers to software library updates

Tatsuhiko Yasumatsu, Takuya Watanabe, Fumihiro Kanei, Eitaro Shioji, Mitsuaki Akiyama, Tatsuya Mori

研究成果: Conference contribution

2 被引用数 (Scopus)

抄録

This paper reports a longitudinal measurement study aiming to understand how mobile app developers are responsive to updates of software libraries over time. To quantify their responsiveness to library updates, we collected 21,046 Android apps, which equated 142,611 unique application package kit (APK) files, each corresponding to a different version of an app. The release dates of these APK files spanned across 9 years. The key findings we derived from our analysis are as follows. (1) We observed an undesirable level of responsiveness of app developers; 50% of library update adoptions by app developers were performed for more than 3 months after the release date of the library, and 50% of outdated libraries used in apps were retained for over 10 months. (2) Deploying a security fix campaign in the app distribution market effectively reduced the number of apps with unfixed vulnerabilities; however, CVE-numbered vulnerabilities (without a campaign) were prone to remain unfixed. (3) The responsiveness of app developers varied and depended on multiple factors, for example, popular apps with a high number of installations had a better response to library updates and, while it took 77 days on average for app developers to adopt version updates for advertising libraries, it took 237 days for updates of utility libraries to be adopted. We discuss practical ways to eliminate libraries with vulnerabilities and to improve the responsiveness of app developers to library updates.

本文言語English
ホスト出版物のタイトルCODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy
出版社Association for Computing Machinery, Inc
ページ13-24
ページ数12
ISBN(電子版)9781450360999
DOI
出版ステータスPublished - 2019 3 13
イベント9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019 - Richardson, United States
継続期間: 2019 3 252019 3 27

出版物シリーズ

名前CODASPY 2019 - Proceedings of the 9th ACM Conference on Data and Application Security and Privacy

Conference

Conference9th ACM Conference on Data and Application Security and Privacy, CODASPY 2019
国/地域United States
CityRichardson
Period19/3/2519/3/27

ASJC Scopus subject areas

  • 情報システム
  • コンピュータ サイエンスの応用
  • ソフトウェア

フィンガープリント

「Understanding the responsiveness of mobile app developers to software library updates」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル