On the Evolution of Security Issues in Android App Versions

Abstract

Since its launch in 2008, the Android platform has seen a lot of development and improvements to this day. Android developer studios had to refine their understanding and available codebases considerably in the past decade since Android’s conception. For example, they had to handle monumental changes in the OS, like the introduction of ART or the continually evolving permission system. With this study, we look into the code-base of 1,250 apps from 57 different development studios and analyze the evolution of security-related issues in past versions of an app. To analyze a total of 11,002 APKs, we build on popular vulnerability assessment tools like QARK and drozer and extend them with our own security checks. We discover that the attack surface of an app usually grows over time, including issues that are open for a long time or remain unclosed. Considering the false positive rate of automated vulnerability scanners like QARK or drozer, the total number of vulnerabilities in an app must be taken with care, but nevertheless our study substantiates that the number of security issues typically grows with code complexity and size, rather than shrinking over time.

More about this title

Title On the Evolution of Security Issues in Android App Versions
Media ACNS 2020: Applied Cryptography and Network Security Workshops in Lecture Notes in Computer Science
Publisher Springer Cham
Volume 12418
ISBN 978-3-030-61637-3
Authors Anatoli Kalysch, Joschua Schilling, Prof. Dr. Tilo Müller
Pages pp. 523-541
Publication date 14.10.2020
Citation Kalysch, Anatoli; Schilling, Joschua; Müller, Tilo (2020): On the Evolution of Security Issues in Android App Versions. ACNS 2020: Applied Cryptography and Network Security Workshops in Lecture Notes in Computer Science 12418, pp. 523-541.