Permission issues in open-source android apps: An exploratory study

Gian Luca Scoccia; Anthony Peruma; Virginia Pujols; Ivano Malavolta; Daniel E. Krutz

doi:10.1109/SCAM.2019.00034

Permission issues in open-source android apps: An exploratory study

Gian Luca Scoccia, Anthony Peruma, Virginia Pujols, Ivano Malavolta, Daniel E. Krutz

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.

Original language	English
Title of host publication	2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)
Subtitle of host publication	Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	238-249
Number of pages	12
ISBN (Electronic)	9781728149370
DOIs	https://doi.org/10.1109/SCAM.2019.00034
Publication status	Published - 12 Dec 2019
Event	19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019 - Cleveland, United States Duration: 30 Sep 2019 → 1 Oct 2019

Conference

Conference	19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019
Country	United States
City	Cleveland
Period	30/09/19 → 1/10/19

Fingerprint

Keywords

Android
Mobile permissions
Mobile software engineering
Software repository mining

Cite this

Scoccia, G. L., Peruma, A., Pujols, V., Malavolta, I., & Krutz, D. E. (2019). Permission issues in open-source android apps: An exploratory study. In 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM): Proceedings (pp. 238-249). [8930838] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SCAM.2019.00034

@inproceedings{3abb4ccc658c435bb8afcb99a34f7016,

title = "Permission issues in open-source android apps: An exploratory study",

abstract = "Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.",

keywords = "Android, Mobile permissions, Mobile software engineering, Software repository mining",

author = "Scoccia, {Gian Luca} and Anthony Peruma and Virginia Pujols and Ivano Malavolta and Krutz, {Daniel E.}",

year = "2019",

month = "12",

day = "12",

doi = "10.1109/SCAM.2019.00034",

language = "English",

pages = "238--249",

booktitle = "2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

}

Scoccia, GL, Peruma, A, Pujols, V, Malavolta, I & Krutz, DE 2019, Permission issues in open-source android apps: An exploratory study. in 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM): Proceedings., 8930838, Institute of Electrical and Electronics Engineers Inc., pp. 238-249, 19th IEEE International Working Conference on Source Code Analysis and Manipulation, SCAM 2019, Cleveland, United States, 30/09/19. https://doi.org/10.1109/SCAM.2019.00034

Permission issues in open-source android apps : An exploratory study. / Scoccia, Gian Luca; Peruma, Anthony; Pujols, Virginia; Malavolta, Ivano; Krutz, Daniel E.

2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM): Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. p. 238-249 8930838.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Permission issues in open-source android apps

T2 - An exploratory study

AU - Scoccia, Gian Luca

AU - Peruma, Anthony

AU - Pujols, Virginia

AU - Malavolta, Ivano

AU - Krutz, Daniel E.

PY - 2019/12/12

Y1 - 2019/12/12

N2 - Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.

AB - Permissions are one of the most fundamental components for protecting an Android user's privacy and security. Unfortunately, developers frequently misuse permissions by requiring too many or too few permissions, or by not adhering to permission best practices. These permission-related issues can negatively impact users in a variety of ways, ranging from creating a poor user experience to severe privacy and security implications. To advance the understanding permission-related issues during the app's development process, we conducted an empirical study of 574 GitHub repositories of open-source Android apps. We analyzed the occurrences of four types of permission-related issues across the lifetime of the apps. Our findings reveal that (i) permission-related issues are a frequent phenomenon in Android apps, (ii) the majority of issues are fixed within a few days after their introduction, (iii) permission-related issues can frequently linger inside an app for an extended period of time, which can be as high as several years, before being fixed, and (iv) both project newcomers and regular contributors exhibit the same behaviour in terms of number of introduced and fixed permission-related issues per commit.

KW - Android

KW - Mobile permissions

KW - Mobile software engineering

KW - Software repository mining

UR - http://www.scopus.com/inward/record.url?scp=85077818622&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85077818622&partnerID=8YFLogxK

U2 - 10.1109/SCAM.2019.00034

DO - 10.1109/SCAM.2019.00034

M3 - Conference contribution

SP - 238

EP - 249

BT - 2019 19th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM)

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Access to Document

10.1109/SCAM.2019.00034