Mobile applications (apps) have become an essential part of everyday life, offering convenient access to services such as banking, healthcare, and shopping. With these apps handling sensitive personal and financial data, ensuring their security is paramount. While previous research has explored mobile app developer practices, there is limited knowledge about the common practices and challenges that developers face in securing their apps. Our study addresses this need through a global survey of 137 experienced mobile app developers, providing a developer-centric view of mobile app security. Our findings show that developers place high importance on security, frequently implementing features such as authentication and secure storage. They face challenges with managing vulnerabilities, permissions, and privacy concerns, and often rely on resources like Stack Overflow for help. Many developers find that existing learning materials do not adequately prepare them to build secure apps and provide recommendations, such as following best practices and integrating security at the beginning of the development process. We envision our findings leading to improved security practices, better-designed tools and resources, and more effective training programs.
@article{arxiv.2408.09032,
title = {A Developer-Centric Study Exploring Mobile Application Security Practices and Challenges},
author = {Anthony Peruma and Timothy Huo and Ana Catarina Araújo and Jake Imanaka and Rick Kazman},
journal= {arXiv preprint arXiv:2408.09032},
year = {2024}
}
Comments
Accepted: International Conference on Software Maintenance and Evolution (ICSME 2024); Industry Track