Permission issues in open-source android apps: An exploratory study

Gian Luca Scoccia, Anthony Peruma, Virginia Pujols, Ivano Malavolta, Daniel E. Krutz

Research output: Chapter in Book / Report / Conference proceeding; Conference contribution; Academic; peer-review

Abstract

Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding of permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.

Original language: English
Title of host publication: 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)
Subtitle of host publication: Proceedings
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 238-249
Number of pages: 12
ISBN (Electronic): 9781728149370
Publication status: Published - 12 Dec 2019
Event: 19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019 - Cleveland, United States
Duration: 30 Sep 2019 to 1 Oct 2019

Conference

Conference: 19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019
Country: United States
City: Cleveland
Period: 30/09/19 to 1/10/19

Keywords

  • Android
  • Mobile permissions
  • Mobile software engineering
  • Software repository mining

Cite this

Scoccia, G. L., Peruma, A., Pujols, V., Malavolta, I., & Krutz, D. E. (2019). Permission issues in open-source android apps: An exploratory study. In 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM): Proceedings (pp. 238-249). [8930838] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SCAM.2019.00034