English

Security Smells in Android

Cryptography and Security 2020-06-03 v1 Software Engineering
Authors: Mohammad Ghafari , Pascal Gadient , Oscar Nierstrasz
View on arXiv PDF DOI

Abstract

The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these devices tremendously important. Unfortunately, despite all progress in security and privacy mechanisms, vulnerabilities continue to proliferate. Research has shown that many vulnerabilities are due to insecure programming practices. However, each study has often dealt with a specific issue, making the results less actionable for practitioners. To promote secure programming practices, we have reviewed related research, and identified avoidable vulnerabilities in Android-run devices and the "security code smells" that indicate their presence. In particular, we explain the vulnerabilities, their corresponding smells, and we discuss how they could be eliminated or mitigated during development. Moreover, we develop a lightweight static analysis tool and discuss the extent to which it successfully detects several vulnerabilities in about 46,000 apps hosted by the official Android market.

Keywords

android security code smell detection computer security

Cite

@article{arxiv.2006.01181,
  title  = {Security Smells in Android},
  author = {Mohammad Ghafari and Pascal Gadient and Oscar Nierstrasz},
  journal= {arXiv preprint arXiv:2006.01181},
  year   = {2020}
}

Comments

2017 IEEE 17th International Working Conference on Source Code Analysis and Manipulation (SCAM)

Related papers

View all related →
Cryptography and Security · Computer Science
Security Code Smells in Android ICC
Pascal Gadient, Mohammad Ghafari, Patrick Frischknecht, Oscar Nierstrasz
2018-12-11
Cryptography and Security · Computer Science
Security Smells Pervade Mobile App Servers
Pascal Gadient, Marc-Andrea Tarnutzer, Oscar Nierstrasz, Mohammad Ghafari
2021-08-17
Software Engineering · Computer Science
Android Code Smells: From Introduction to Refactoring
Sarra Habchi, Naouel Moha, Romain Rouvoy
2020-10-15
Cryptography and Security · Computer Science
Are Free Android App Security Analysis Tools Effective in Detecting Known Vulnerabilities?
Venkatesh-Prasad Ranganath, Joydeep Mitra
2019-08-06
Cryptography and Security · Computer Science
Assessing the Effectiveness of LLMs in Android Application Vulnerability Analysis
Vasileios Kouliaridis, Georgios Karopoulos, Georgios Kambourakis
2025-03-18
Software Engineering · Computer Science
Examining the Relationship of Code and Architectural Smells with Software Vulnerabilities
Kazi Zakia Sultana, Zadia Codabux, Byron Williams
2020-11-02
Cryptography and Security · Computer Science
Security Apps under the Looking Glass: An Empirical Analysis of Android Security Apps
Weixian Yao, Yexuan Li, Weiye Lin, Tianhui Hu +3
2020-07-09
Cryptography and Security · Computer Science
Demystifying security and compatibility issues in Android Apps
Xiaoyu Sun
2023-02-16
Software Engineering · Computer Science
An Empirical Study on Android-related Vulnerabilities
Mario Linares-Vasquez, Gabriele Bavota, Camilo Escobar-Velasquez
2017-04-13
Cryptography and Security · Computer Science
Evaluation of Security Solutions for Android Systems
Asaf Shabtai, Dudu Mimran, Yuval Elovici
2015-02-18
Cryptography and Security · Computer Science
Characterizing JavaScript Security Code Smells
Vikas Kambhampati, Nehaz Hussain Mohammed, Amin Milani Fard
2024-12-02
Cryptography and Security · Computer Science
Open Source Android Vulnerability Detection Tools: A Survey
Keyur Kulkarni, Ahmad Y Javaid
2018-08-01
Cryptography and Security · Computer Science
How Do Mobile Applications Enhance Security? An Exploratory Analysis of Use Cases and Provided Information
Irdin Pekaric, Clemens Sauerwein, Simon Laichner, Ruth Breu
2025-04-22
Cryptography and Security · Computer Science
Security Evaluation of Android apps in budget African Mobile Devices
Alioune Diallo, Anta Diop, Abdoul Kader Kabore, Jordan Samhi +3
2025-09-24
Cryptography and Security · Computer Science
An Application Package Configuration Approach to Mitigating Android SSL Vulnerabilities
Vasant Tendulkar, William Enck
2014-10-29
Cryptography and Security · Computer Science
How Far are App Secrets from Being Stolen? A Case Study on Android
Lili Wei, Heqing Huang, Shing-Chi Cheung, Kevin Li
2025-01-15
Cryptography and Security · Computer Science
Vulnerability, Where Art Thou? An Investigation of Vulnerability Management in Android Smartphone Chipsets
Daniel Klischies, Philipp Mackensen, Veelasha Moonsamy
2024-12-10
Cryptography and Security · Computer Science
Brief View and Analysis to Latest Android Security Issues and Approaches
Ruicong Huang
2021-09-03
Cryptography and Security · Computer Science
Characterizing Sensor Leaks in Android Apps
Xiaoyu Sun, Xiao Chen, Kui Liu, Sheng Wen +2
2022-01-19
Cryptography and Security · Computer Science
Automatically Detecting Checked-In Secrets in Android Apps: How Far Are We?
Kevin Li, Lin Ling, Jinqiu Yang, Lili Wei
2025-11-11
Cryptography and Security · Computer Science
A Survey on the Detection of Android Malicious Apps
Sanjay K. Sahay, Ashu Sharma
2019-06-03
Cryptography and Security · Computer Science
Ghera: A Repository of Android App Vulnerability Benchmarks
Joydeep Mitra, Venkatesh-Prasad Ranganath
2017-11-09
Cryptography and Security · Computer Science
A Risk Estimation Study of Native Code Vulnerabilities in Android Applications
Silvia Lucia Sanna, Diego Soi, Davide Maiorca, Giorgio Fumera +1
2024-12-03
Cryptography and Security · Computer Science
Enter Sandbox: Android Sandbox Comparison
Sebastian Neuner, Victor van der Veen, Martina Lindorfer, Markus Huber +3
2014-10-29
Cryptography and Security · Computer Science
Signature Generation for Sensitive Information Leakage in Android Applications
Hiroki Kuzuno, Satoshi Tonami
2013-05-20