Time Series Analysis of Copy-and-Paste Impact on Android Application Security.

Application developers consider open discussion forum on software development such as question and answer (Qu0026A) forums to be very important. There are cases where snippets which is partial source code on such forum contains vulnerabilities, and application developers divert snippets without knowing it. Previous works were focused on security-related codes such as TLS connection, and not on actual vulnerable codes that are used widely. Thus, a time series investigation on the spread of such codes has not been conducted. In this paper, a method that enables the time series analysis of copyu0026paste is proposed. By determining the copyu0026paste of snippets and applications, we can investigate the context in time series using time information such as the respective publication dates and time, and clarify how many cases are not copyu0026paste. Evaluation of the proposed method is achieved using large-scale data which includes 527,249 snippets and 249,987 applications. The result shows that the appearance rate of applications having the same code as the snippet has increased after the release of the snippet. Furthermore, experiments on extracting vulnerable snippets from all snippets show that vulnerable snippets often have a greater impact than the overall snippet trend.