@inproceedings{3ed7edcdb3c8416c854a9e2e7e3ad113,
title = "Understanding the origins of mobile app vulnerabilities: A large-scale measurement study of free and paid apps",
abstract = "This paper reports a large-scale study that aims to understand how mobile application (app) vulnerabilities are associated with software libraries. We analyze both free and paid apps. Studying paid apps was quite meaningful because it helped us understand how differences in app development/maintenance affect the vulnerabilities associated with libraries. We analyzed 30k free and paid apps collected from the official Android marketplace. Our extensive analyses revealed that approximately 70%/50% of vulnerabilities of free/paid apps stem from software libraries, particularly from third-party libraries. Somewhat paradoxically, we found that more expensive/popular paid apps tend to have more vulnerabilities. This comes from the fact that more expensive/popular paid apps tend to have more functionality, i.e., more code and libraries, which increases the probability of vulnerabilities. Based on our findings, we provide suggestions to stakeholders of mobile app distribution ecosystems.",
keywords = "Mobile App, Software Library, Vulnerability",
author = "Takuya Watanabe and Mitsuaki Akiyama and Fumihiro Kanei and Eitaro Shioji and Yuta Takata and Bo Sun and Yuta Ishi and Toshiki Shibahara and Takeshi Yagi and Tatsuya Mori",
note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 14th IEEE/ACM International Conference on Mining Software Repositories, MSR 2017 ; Conference date: 20-05-2017 Through 21-05-2017",
year = "2017",
month = jun,
day = "29",
doi = "10.1109/MSR.2017.23",
language = "English",
series = "IEEE International Working Conference on Mining Software Repositories",
publisher = "IEEE Computer Society",
pages = "14--24",
booktitle = "Proceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017",
}