Understanding the Relationship between Quality and Security: A Large-Scale Analysis of Android Applications

Abstract

Android applications (apps) are not immune to the problems that also plague conventional software, including security vulnerabilities, quality defects, permission misuse, and numerous other issues. Many developers even intentionally create vulnerable or malicious apps (malware), often for highly lucrative purposes. We need to better understand current trends in app quality and security to create higher-quality software and to battle malware more effectively. To gather this critical information, we collected and reverse engineered 70,785 Android apps from the Google Play store, along with 1,420 malicious apps from other sources. Each app was analyzed using several static analysis tools to record, for each of them, requested permissions, size (LOC), possible defects and permission misuse. Our findings conclude that: 1) app categories substantially differ in terms of permission misuse; 2) at an aggregate level, there is no significant correlation between an app's quality and security; 3) malware typically requests more permissions and scores worse on several quality-related metrics than benign apps; 4) both malware and benign apps are growing annually in terms of LOC and requested permissions. We also present an easy-to-use, robust dataset for the community to replicate or extend this study.
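The abstract describes a per-app measurement pipeline (requested permissions, LOC, defect counts, permission misuse) followed by a correlation between a quality metric and a security metric. The following is an added toy version of that pipeline, written for this page and not code from the paper or its dataset. It assumes a tiny permission-to-API map (`PERMISSION_APIS`), a crude defect proxy (empty `catch` blocks and `TODO` markers) and four constructed manifests and sources; real tooling would use complete API maps and a proper static analyzer. It then computes a Spearman rank correlation between defect density and permission count, which is the kind of aggregate check the abstract reports.

```python
"""Added example: toy app measurements plus a quality/security rank correlation.
Manifests, sources and the permission->API map below are constructed, not real."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed, deliberately small map: presence of one of these class names in
# source is taken as evidence that the permission is actually used.
PERMISSION_APIS = {
    "android.permission.SEND_SMS": ("SmsManager",),
    "android.permission.ACCESS_FINE_LOCATION": ("LocationManager",),
    "android.permission.READ_CONTACTS": ("ContactsContract",),
    "android.permission.INTERNET": ("HttpURLConnection", "Socket"),
    "android.permission.CAMERA": ("CameraManager",),
}

def requested_permissions(manifest_xml):
    """Permissions declared with <uses-permission android:name=...>."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.findall("uses-permission")
            if el.get(ANDROID_NS + "name")]

def count_loc(java_source):
    """Non-blank, non-comment lines (simple LOC measure; handles /* */ blocks)."""
    loc, in_block = 0, False
    for line in java_source.splitlines():
        s = line.strip()
        if in_block:
            in_block = "*/" not in s
            continue
        if not s or s.startswith("//"):
            continue
        if s.startswith("/*"):
            in_block = "*/" not in s
            continue
        loc += 1
    return loc

def over_requested(permissions, java_source):
    """Requested permissions with no matching API use in source (our 'misuse'
    notion here); permissions outside the assumed map are skipped."""
    return [p for p in permissions if p in PERMISSION_APIS and not any(
        re.search(r"\b%s\b" % re.escape(api), java_source) for api in PERMISSION_APIS[p])]

def defect_proxy(java_source):
    """Crude quality signal standing in for a static analyzer's defect count."""
    empty_catch = len(re.findall(r"catch\s*\([^)]*\)\s*\{\s*\}", java_source))
    return empty_catch + len(re.findall(r"\bTODO\b", java_source))

def analyze_app(manifest_xml, java_source):
    perms = requested_permissions(manifest_xml)
    loc = count_loc(java_source)
    defects = defect_proxy(java_source)
    return {"loc": loc, "permissions": perms, "unused": over_requested(perms, java_source),
            "defects": defects, "density": 100.0 * defects / loc if loc else 0.0}

def _ranks(values):
    """1-based average ranks; tied values share the mean of their rank positions."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    ranks, i = [0.0] * len(values), 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in range(i, j + 1):
            ranks[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return ranks

def spearman(xs, ys):
    """Spearman rho as Pearson correlation of the average ranks."""
    rx, ry = _ranks(xs), _ranks(ys)
    mx, my = sum(rx) / len(rx), sum(ry) / len(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    vx = sum((a - mx) ** 2 for a in rx) ** 0.5
    vy = sum((b - my) ** 2 for b in ry) ** 0.5
    return 0.0 if vx == 0 or vy == 0 else cov / (vx * vy)

def manifest(pkg, *perms):  # constructs a minimal AndroidManifest.xml string
    body = "".join('  <uses-permission android:name="%s"/>\n' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">\n%s</manifest>' % (pkg, body))

# Constructed sample corpus: (manifest, source) per app.
SAMPLE_APPS = {
    "a": (manifest("a", "android.permission.INTERNET", "android.permission.SEND_SMS"),
          "package a;\n// network client\nimport java.net.HttpURLConnection;\npublic class A {\n"
          "    void go() {\n        try {\n            HttpURLConnection c = null;\n"
          "        } catch (Exception e) {}\n    }\n}\n"),
    "b": (manifest("b", "android.permission.CAMERA"),
          "package b;\n/* camera\n   preview */\nimport android.hardware.camera2.CameraManager;\n"
          "public class B {\n    CameraManager mgr;\n}\n"),
    "c": (manifest("c", "android.permission.READ_CONTACTS",
                   "android.permission.ACCESS_FINE_LOCATION", "android.permission.INTERNET"),
          "package c;\npublic class C {\n    // TODO: implement sync\n    void sync() {\n"
          "        // TODO: upload\n    }\n}\n"),
    "d": (manifest("d", "android.permission.INTERNET"),
          "package d;\nimport java.net.Socket;\npublic class D {\n    Socket s; // TODO close\n}\n"),
}

def run_study(apps=SAMPLE_APPS):
    """Per-app records plus rho(defect density, permission count) over the corpus."""
    records = {name: analyze_app(m, s) for name, (m, s) in apps.items()}
    names = sorted(records)
    rho = spearman([records[n]["density"] for n in names],
                   [len(records[n]["permissions"]) for n in names])
    return records, rho

if __name__ == "__main__":
    recs, rho = run_study()
    for name, r in sorted(recs.items()):
        print(name, r["loc"], "LOC", len(r["permissions"]), "perms", "unused:", r["unused"])
    print("spearman(density, permission count) =", round(rho, 3))
```

On the constructed corpus app "c" requests three permissions and uses none, which is the over-requesting pattern the abstract associates with malware, while the correlation over only four apps is not statistically meaningful; with a 70k-app corpus the same computation is what supports or refutes the "no significant correlation" finding.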

Publication
Proceedings of the 1st International Workshop on Security Awareness from Design to Deployment
Anthony S. Peruma
Assistant Professor

My research interests include program comprehension and software refactoring.