Abstract
Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding of permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as long as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.
Original language | English |
---|---|
Title of host publication | 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM) |
Subtitle of host publication | Proceedings |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 238-249 |
Number of pages | 12 |
ISBN (Electronic) | 9781728149370 |
Publication status | Published - 12 Dec 2019 |
Event | 19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019 - Cleveland, United States; Duration: 30 Sep 2019 → 1 Oct 2019 |
Conference
Conference | 19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019 |
---|---|
Country/Territory | United States |
City | Cleveland |
Period | 30/09/19 → 1/10/19 |
Keywords
- Android
- Mobile permissions
- Mobile software engineering
- Software repository mining