Security code smells in Android ICC

Cited by: 0
Authors
Pascal Gadient
Mohammad Ghafari
Patrick Frischknecht
Oscar Nierstrasz
Affiliation
[1] University of Bern, Software Composition Group
Keywords
Security code smells; Vulnerability; Static analysis; Android;
DOI: not available
Abstract
Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerabilities in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the IDE about the presence of such smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of the apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.
Pages: 3046 / 3076
Page count: 30