To update or not to update: Insights From a two-year study of Android app evolutionReport as inadecuate




To update or not to update: Insights From a two-year study of Android app evolution - Download this document for free, or read online. Document in PDF available to download.

Reference: Taylor, VF and Martinovic, I, (2017). To update or not to update: Insights From a two-year study of Android app evolution. 2017 ACM on Asia Conference on Computer and Communications Security.Citable link to this page:

 

To update or not to update: Insights From a two-year study of Android app evolution

Abstract: Although there are over 1,900,000 third-party Android apps in the Google Play Store, little is understood about how their security and privacy characteristics, such as dangerous permission usage and the vulnerabilities they contain, have evolved over time. Our research is two-fold: we take quarterly snapshots of the Google Play Store over a two-year period to understand how permission usage by apps has changed; and we analyse 30,000 apps to understand how their security and privacy characteristics have changed over the same two-year period. Extrapolating our findings, we estimate that over 35,000 apps in the Google Play Store ask for additional dangerous permissions every three months. Our statistically significant observations suggest that free apps and popular apps are more likely to ask for additional dangerous permissions when they are updated. Worryingly, we discover that Android apps are not getting safer as they are updated. In many cases, app updates serve to increase the number of distinct vulnerabilities contained within apps, especially for popular apps. We conclude with recommendations to stakeholders for improving the security of the Android ecosystem.

Publication status:PublishedPeer Review status:Peer reviewedVersion:Accepted manuscriptDate of acceptance:2017-01-25Notes:© 2017 Copyright held by the owner/author(s). Publication rights licensed to ACM.

Bibliographic Details

Publisher: Association for Computing Machinery

Publisher Website: http://www.acm.org/

Host: 2017 ACM on Asia Conference on Computer and Communications Securitysee more from them

Publication Website: http://asiaccs2017.com/

Issue Date: 2017-04Identifiers

Doi: https://doi.org/10.1145/3052973.3052990

Uuid: uuid:07a33980-017d-4f5b-b246-95bf16a80b07

Urn: uri:07a33980-017d-4f5b-b246-95bf16a80b07

Pubs-id: pubs:697656 Item Description

Type: conference-proceeding;

Version: Accepted manuscript

Relationships





Author: Taylor, VF - Oxford, MPLS, Computer Science fundingUniversity of Oxford grantNumberRhodes Scholarship fundingEngineering and Phys

Source: https://ora.ox.ac.uk/objects/uuid:07a33980-017d-4f5b-b246-95bf16a80b07



DOWNLOAD PDF




Related documents