The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.
Takuya WATANABE
NTT Secure Platform Laboratories, Waseda University
Mitsuaki AKIYAMA
NTT Secure Platform Laboratories
Fumihiro KANEI
NTT Secure Platform Laboratories
Eitaro SHIOJI
NTT Secure Platform Laboratories
Yuta TAKATA
PwC Cyber Services LLC
Bo SUN
National Institute of Information and Communications Technology
Yuta ISHII
NTT Secure Platform Laboratories
Toshiki SHIBAHARA
NTT Security (Japan) KK
Takeshi YAGI
Waseda University
Tatsuya MORI
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Takuya WATANABE, Mitsuaki AKIYAMA, Fumihiro KANEI, Eitaro SHIOJI, Yuta TAKATA, Bo SUN, Yuta ISHII, Toshiki SHIBAHARA, Takeshi YAGI, Tatsuya MORI, "Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library" in IEICE TRANSACTIONS on Information,
vol. E103-D, no. 2, pp. 276-291, February 2020, doi: 10.1587/transinf.2019INP0011.
Abstract: This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019INP0011/_p
@ARTICLE{e103-d_2_276,
author={Takuya WATANABE and Mitsuaki AKIYAMA and Fumihiro KANEI and Eitaro SHIOJI and Yuta TAKATA and Bo SUN and Yuta ISHII and Toshiki SHIBAHARA and Takeshi YAGI and Tatsuya MORI},
journal={IEICE TRANSACTIONS on Information},
title={Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library},
year={2020},
volume={E103-D},
number={2},
pages={276-291},
abstract={This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.},
keywords={},
doi={10.1587/transinf.2019INP0011},
ISSN={1745-1361},
month={February},}
TY - JOUR
TI - Study on the Vulnerabilities of Free and Paid Mobile Apps Associated with Software Library
T2 - IEICE TRANSACTIONS on Information
SP - 276
EP - 291
AU - Takuya WATANABE
AU - Mitsuaki AKIYAMA
AU - Fumihiro KANEI
AU - Eitaro SHIOJI
AU - Yuta TAKATA
AU - Bo SUN
AU - Yuta ISHII
AU - Toshiki SHIBAHARA
AU - Takeshi YAGI
AU - Tatsuya MORI
PY - 2020
DO - 10.1587/transinf.2019INP0011
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E103-D
IS - 2
JA - IEICE TRANSACTIONS on Information
Y1 - February 2020
AB - This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.
ER -