Permission issues in open-source android apps: An exploratory study

Gian Luca Scoccia; Anthony Peruma; Virginia Pujols; Ivano Malavolta; Daniel E. Krutz

doi:10.1109/SCAM.2019.00034

Permission issues in open-source android apps: An exploratory study

Gian Luca Scoccia, Anthony Peruma, Virginia Pujols, Ivano Malavolta, Daniel E. Krutz

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

103 Downloads (Pure)

Abstract

Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.

Original language	English
Title of host publication	2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)
Subtitle of host publication	[Proceedings]
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	238-249
Number of pages	12
ISBN (Electronic)	9781728149370
ISBN (Print)	9781728149387
DOIs	https://doi.org/10.1109/SCAM.2019.00034
Publication status	Published - 2019
Event	19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019 - Cleveland, United States Duration: 30 Sept 2019 → 1 Oct 2019

Conference

Conference	19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019
Country/Territory	United States
City	Cleveland
Period	30/09/19 → 1/10/19

Keywords

Android
Mobile permissions
Mobile software engineering
Software repository mining

Access to Document

10.1109/SCAM.2019.00034

Permission issues in open-source android appsFinal published version, 382 KBLicence: Article 25fa Dutch Copyright Act

Persistent URL (handle)

Persistent link

Cite this

Scoccia, G. L., Peruma, A., Pujols, V., Malavolta, I., & Krutz, D. E. (2019). Permission issues in open-source android apps: An exploratory study. In 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM): [Proceedings] (pp. 238-249). Article 8930838 Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SCAM.2019.00034

@inproceedings{3abb4ccc658c435bb8afcb99a34f7016,

title = "Permission issues in open-source android apps: An exploratory study",

abstract = "Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.",

keywords = "Android, Mobile permissions, Mobile software engineering, Software repository mining",

author = "Scoccia, {Gian Luca} and Anthony Peruma and Virginia Pujols and Ivano Malavolta and Krutz, {Daniel E.}",

year = "2019",

doi = "10.1109/SCAM.2019.00034",

language = "English",

isbn = "9781728149387",

pages = "238--249",

booktitle = "2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

note = "19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019 ; Conference date: 30-09-2019 Through 01-10-2019",

}

Scoccia, GL, Peruma, A, Pujols, V, Malavolta, I & Krutz, DE 2019, Permission issues in open-source android apps: An exploratory study. in 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM): [Proceedings]., 8930838, Institute of Electrical and Electronics Engineers Inc., pp. 238-249, 19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019, Cleveland, United States, 30/09/19. https://doi.org/10.1109/SCAM.2019.00034

Permission issues in open-source android apps: An exploratory study. / Scoccia, Gian Luca; Peruma, Anthony; Pujols, Virginia et al.
2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM): [Proceedings]. Institute of Electrical and Electronics Engineers Inc., 2019. p. 238-249 8930838.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Permission issues in open-source android apps: An exploratory study

AU - Scoccia, Gian Luca

AU - Peruma, Anthony

AU - Pujols, Virginia

AU - Malavolta, Ivano

AU - Krutz, Daniel E.

PY - 2019

Y1 - 2019

N2 - Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.

AB - Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.

KW - Android

KW - Mobile permissions

KW - Mobile software engineering

KW - Software repository mining

UR - http://www.scopus.com/inward/record.url?scp=85077818622&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85077818622&partnerID=8YFLogxK

U2 - 10.1109/SCAM.2019.00034

DO - 10.1109/SCAM.2019.00034

M3 - Conference contribution

SN - 9781728149387

SP - 238

EP - 249

BT - 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019

Y2 - 30 September 2019 through 1 October 2019

ER -

Permission issues in open-source android apps: An exploratory study

Abstract

Conference

Keywords

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this