Do App Developers Follow the Android Official Data Security Guidelines? An Empirical Measurement on App Data Security.

Asia-Pacific Software Engineering Conference (2023)

The popularity of Android OS is largely credited to its massive number of apps, and many app developers are involved in this ecosystem. On the other hand, developers carelessly introduce various vulnerabilities into apps, creating security issues for users. To facilitate secure development and avoid common API misuses, Google provides a series of security guidelines and development practices for developers on its official developer community websites. However, the adoption of these guidelines in the wild has not been systematically evaluated. In this work, through large-scale app measurement (251,749 apps from 10 markets) and analysis, we investigated whether app developers follow the official Android security guidelines and the possible reasons behind their choices. In practice, we selected five guidelines related to app data security as representatives, covering: (1) secure file creation modes; (2) sensitive data storage; (3) validation checks for file paths; (4) hardware ID usage; (5) custom permission protection. We also designed corresponding detection strategies to check for violations of each guideline. The results show that most developers (> 90 %) comply with Guidelines 1 and 2. However, some guidelines have not been followed properly: for Guidelines 3, 4, and 5, less than 60 % of developers followed Google's security suggestions.
Keywords: Data Security, App Developers, Security Guidelines, Data Storage, Sensitive Data, Large-scale Measurements, File Path, Data Protection, Data Privacy, Tracking System, Level Of Protection, Serial Number, Access Control, Concrete Examples, Information Leakage, Static Analysis, Read Files, File Type, Official Documentation, External Storage, Database File, Stack Overflow, Android Apps, Third-party Libraries, Security Awareness, Detection Rules, Google Play
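To make the kind of guideline-violation check described in the abstract concrete, the following added example (my own illustration, not the paper's detection strategies or code) scans a constructed decompiled-Java fragment and a constructed manifest for simplified indicators of Guidelines 1, 4 and 5: world-accessible file creation modes, non-resettable hardware identifier APIs, and custom permissions declared without signature-level protection. The sample inputs, the API name list and the rules are assumptions I made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed decompiled-Java fragment and manifest (sample input, not from the paper).
SAMPLE_JAVA = """\
FileOutputStream f = openFileOutput("token.txt", Context.MODE_WORLD_READABLE);
SharedPreferences p = getSharedPreferences("cfg", Context.MODE_PRIVATE);
String imei = tm.getDeviceId();
String serial = Build.SERIAL;
String aid = Settings.Secure.getString(cr, Settings.Secure.ANDROID_ID);
"""
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <permission android:name="com.example.app.READ_DATA" android:protectionLevel="normal"/>
  <permission android:name="com.example.app.ADMIN" android:protectionLevel="signature"/>
  <permission android:name="com.example.app.LEGACY"/>
</manifest>
"""

# The rules below are my own simplifications, not the paper's detection strategies.
INSECURE_MODES = ("MODE_WORLD_READABLE", "MODE_WORLD_WRITEABLE")
HARDWARE_ID_APIS = ("getDeviceId(", "getImei(", "getMeid(", "getSimSerialNumber(",
                    "Build.SERIAL", "getSerial(")
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def _grep(src, needles):
    """Return (line_no, needle) for each source line containing one of the needles."""
    return [(n, s) for n, line in enumerate(src.splitlines(), 1)
            for s in needles if s in line]

def check_file_modes(src):
    """Guideline 1: world-readable/writable file modes expose app-private data."""
    return _grep(src, INSECURE_MODES)

def check_hardware_ids(src):
    """Guideline 4: non-resettable hardware IDs (IMEI, serial) enable cross-app tracking.
    ANDROID_ID is deliberately not flagged: it is app-scoped and resettable."""
    return _grep(src, HARDWARE_ID_APIS)

def check_custom_permissions(manifest_xml):
    """Guideline 5: custom permissions should carry signature-level protection.
    A missing protectionLevel defaults to 'normal', which any app may request."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for perm in root.iter("permission"):
        level = perm.get(ANDROID_NS + "protectionLevel", "normal")
        if not level.startswith("signature"):
            findings.append((perm.get(ANDROID_NS + "name"), level))
    return findings
```

Running the three checks on the constructed inputs flags the world-readable file, the IMEI and serial reads, and the two custom permissions that are not signature-protected, while the MODE_PRIVATE file, ANDROID_ID and the signature-level permission pass.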
