Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow

Timothy Huo, Ana Catarina Araújo, Jake Imanaka, Anthony Peruma, Rick Kazman
{"title":"Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow","authors":"Timothy Huo, Ana Catarina Araújo, Jake Imanaka, Anthony Peruma, Rick Kazman","doi":"arxiv-2409.07926","DOIUrl":null,"url":null,"abstract":"The widespread use of smartphones and tablets has made society heavily\nreliant on mobile applications (apps) for accessing various resources and\nservices. These apps often handle sensitive personal, financial, and health\ndata, making app security a critical concern for developers. While there is\nextensive research on software security topics like malware and\nvulnerabilities, less is known about the practical security challenges mobile\napp developers face and the guidance they seek. \\rev{In this study, we mine\nStack Overflow for questions on mobile app security, which we analyze using\nquantitative and qualitative techniques.} The findings reveal that Stack\nOverflow is a major resource for developers seeking help with mobile app\nsecurity, especially for Android apps, and identifies seven main categories of\nsecurity questions: Secured Communications, Database, App Distribution Service,\nEncryption, Permissions, File-Specific, and General Security. Insights from\nthis research can inform the development of tools, techniques, and resources by\nthe research and vendor community to better support developers in securing\ntheir mobile apps.","PeriodicalId":501278,"journal":{"name":"arXiv - CS - Software Engineering","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.07926","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

The widespread use of smartphones and tablets has made society heavily reliant on mobile applications (apps) for accessing various resources and services. These apps often handle sensitive personal, financial, and health data, making app security a critical concern for developers. While there is extensive research on software security topics like malware and vulnerabilities, less is known about the practical security challenges mobile app developers face and the guidance they seek. \rev{In this study, we mine Stack Overflow for questions on mobile app security, which we analyze using quantitative and qualitative techniques.} The findings reveal that Stack Overflow is a major resource for developers seeking help with mobile app security, especially for Android apps, and identifies seven main categories of security questions: Secured Communications, Database, App Distribution Service, Encryption, Permissions, File-Specific, and General Security. Insights from this research can inform the development of tools, techniques, and resources by the research and vendor community to better support developers in securing their mobile apps.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
移动应用程序安全趋势和主题:对 Stack Overflow 问题的研究
智能手机和平板电脑的广泛使用使社会高度依赖移动应用程序(App)来访问各种资源和服务。这些应用程序通常会处理敏感的个人、财务和健康数据,因此应用程序的安全性成为开发人员关注的焦点。虽然对恶意软件和漏洞等软件安全主题有广泛的研究,但对移动应用开发者面临的实际安全挑战和他们寻求的指导却知之甚少。\rev{在这项研究中,我们挖掘了Stack Overflow中有关移动应用安全的问题,并使用定量和定性技术对其进行了分析。}研究结果表明,StackOverflow 是开发人员寻求移动应用程序安全帮助的主要资源,尤其是针对安卓应用程序,并确定了七大类安全问题:安全通信、数据库、应用程序分发服务、加密、权限、特定文件和一般安全。这项研究的启示可以为研究人员和供应商开发工具、技术和资源提供参考,从而更好地支持开发人员保护其移动应用程序的安全。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Promise and Peril of Collaborative Code Generation Models: Balancing Effectiveness and Memorization Shannon Entropy is better Feature than Category and Sentiment in User Feedback Processing Motivations, Challenges, Best Practices, and Benefits for Bots and Conversational Agents in Software Engineering: A Multivocal Literature Review A Taxonomy of Self-Admitted Technical Debt in Deep Learning Systems Investigating team maturity in an agile automotive reorganization
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1