English

Security Smells Pervade Mobile App Servers

Cryptography and Security 2021-08-17 v1

Abstract

[Background] Web communication is universal in cyberspace, and security risks in this domain are devastating. [Aims] We analyzed the prevalence of six security smells in mobile app servers, and we investigated the consequence of these smells from a security perspective. [Method] We used an existing dataset that includes 9714 distinct URLs used in 3376 Android mobile apps. We exercised these URLs twice within 14 months and investigated the HTTP headers and bodies. [Results] We found that more than 69% of tested apps suffer from three kinds of security smells, and that unprotected communication and misconfigurations are very common in servers. Moreover, source-code and version leaks, or the lack of update policies expose app servers to security risks. [Conclusions] Poor app server maintenance greatly hampers security.

Keywords

Cite

@article{arxiv.2108.07188,
  title  = {Security Smells Pervade Mobile App Servers},
  author = {Pascal Gadient and Marc-Andrea Tarnutzer and Oscar Nierstrasz and Mohammad Ghafari},
  journal= {arXiv preprint arXiv:2108.07188},
  year   = {2021}
}

Comments

ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM 2021)

R2 v1 2026-06-24T05:09:29.806Z