Understanding the Responsiveness of Mobile App Developers to Software Library Updates

Yasumatsu, Tatsuhiko; Watanabe, Takahiro; Kanei, Fumihiro; Shioji, Eitaro; Akiyama, Mitoshi; Mori, Tatsuya

doi:10.1145/3292006.3300020

Cited by 11 publications

(16 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Disadvantages of m-library applications are that they require periodic preservation, including updates, fixing bugs and errors, and improving security and privacy (Aisyiyah, 2019;Mishra et al, 2017;H. Wang et al, 2019;Yasumatsu et al, 2019). Furthermore, sometimes users experience technical issues with any application that can disrupt their ease of use, such as an unstable internet connection.…”

Section: Discussionmentioning

confidence: 99%

Mobile Library Application in Indonesia’s Digital Libraries

Dinazzah

Rahmi

2022

J. Educ. Technol.

View full text Add to dashboard Cite

Increasing mobile device usage in the 21st century, coupled with the COVID-19 pandemic, continue to change various sectors, including libraries. A library is a place to find information, both in-person and online. Ideally, a library should develop and improve each year to ensure optimal service provision to its users. The development of mobile phone applications is a trend that has revolutionized how consumers access information in a variety of sectors, including libraries. This study aims to analyse the development of mobile library applications (m-library apps) in digital libraries in Indonesia, using a descriptive and qualitative methodology. Each m-library application’s existence was verified using the attached link or the search feature on the Google Play Store. The results are described descriptively with a focus on the analysis of applications used by m-libraries. The results indicate that Indonesia’s digital libraries are currently showing progress, marked by libraries in Indonesia that have started using m-library applications in their digital libraries. The most widely used applications by digital libraries in Indonesia typically used third party vendors to develop their applications, such as Kubuku Resources, PT, Enam Kubuku Indonesia, Gramedia Asri Media and Bina Pustaka. Our results also highlight a need for continuous improvement in m-library applications, in terms of adding both internal (e.g., preservation and security) and external (e.g., user training and promotional factors) features.

show abstract

Section: Discussionmentioning

confidence: 99%

Mobile Library Application in Indonesia’s Digital Libraries

Dinazzah

Rahmi

2022

J. Educ. Technol.

View full text Add to dashboard Cite

show abstract

“…As far as we know, only Google provides a service named App Security Improvement (ASI) program that provides tips to help app developers of Google Play to improve the security of their apps. Previous research [6] reported that vulnerabilities fisted on ASI program could draw more attention from developers. However, the vulnerabilities reported by ASI program are limited due to the lack of a comprehensive vulnerability database and such a vulnerable TPL detection tool, like ATVHunter.…”

Section: Rq3: Obfuscation-resilient Capabilitymentioning

confidence: 99%

“…Vulnerable TPL/App Identification. Yasumatsu et al[6] and Java libraries. It extracts the fuzzy method signature as the library feature and function centroid[33] as the version feature to identify TPL-Vs.…”

mentioning

confidence: 99%

ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Applications

Zhan

Fan

Chen

et al. 2021

2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE)

View full text Add to dashboard Cite

Third-party libraries (TPLs) as essential parts in the mobile ecosystem have become one of the most significant contributors to the huge success of Android, which facilitate the fast development of Android applications. Detecting TPLs in Android apps is also important for downstream tasks, such as malware and repackaged apps identification. To identify inapp TPLs, we need to solve several challenges, such as TPL dependency, code obfuscation, precise version representation. Unfortunately, existing TPL detection tools have been proved that they have not solved these challenges very well, let alone specify die exact TPL versions.To this end, we propose a system, named ATVHunter, which can pinpoint the precise vulnerable in-app TPL versions and provide detailed information about the vulnerabilities and TPLs. We propose a two-phase detection approach to identify specific TPL versions. Specifically, we extract the Control Flow Graphs as the coarse-grained feature to match potential TPLs in the predefined TPL database, and then extract opcode in each basic block of CFG as the fine-grained feature to identify the exact TPL versions. We build a comprehensive TPL database (189,545 unique TPLs with 3,006,676 versions) as the reference database. Meanwhile, to identify the vulnerable in-app TPL versions, we also construct a comprehensive and known vulnerable TPL database containing 1,180 CVEs and 224 security bugs. Experimental results show ATVHunter outperforms state-of-the-art TPL detection tools, achieving 90.55% precision and 88.79% recall with high efficiency, and is also resilient to widely-used obfuscation techniques and scalable for large-scale TPL detection. Furthermore, to investigate the ecosystem of the vulnerable TPLs used by apps, we exploit ATVHunter to conduct a largescale analysis on 104,446 apps and find that 9,050 apps include vulnerable TPL versions with 53,337 vulnerabilities and 7,480 security bugs, most of which are with high risks and are not recognized by app developers. I. I n t r o d u c t io n Nowadays, over 3 million Android applications (apps) are available in the official Google Play Store [1]. One reason contributing to the huge success of Android could be the massive presence of third-party libraries (TPLs) that provide reusable functionalities that can be leveraged by developers to facilitate the development of Android apps (to avoid reinventing the wheels). However, extensive TPL usage attracts attackers to exploit the vulnerabilities or inject backdoors in the popular TPLs, which poses severe security threats to app users [2-4]. Previous research [5, 6] pointed out that many apps contain vulnerable TPLs, and some of them have been reported with severe vulnerabilities (e.g., Facebook SDK) that can be exploited by adversaries [7, 8]. Attackers can exploit the vulnerabilities in some Ad libraries (e.g., Airpush [9], MoPub [10]) to get privacy-sensitive information from the infected devices [11]. Even worse, various TPLs are scattered in different apps but the information of TPL components in a...

show abstract

“…Next, we generate features and create a family tree with multiple versions of the benign application B, and we examine what information is reflected in the family tree. The benign applications used in this evaluation were obtained from the Google Play Store retroactively from the latest version, referring to the method proposed by Yasumatsu et al [22].…”

Section: Benign Appsmentioning

confidence: 99%

Auto-creation of Robust Android Malware Family Trees

Nomura

Chiba²,

Akiyama³

et al. 2021

Journal of Information Processing

Self Cite

View full text Add to dashboard Cite

Malware targeting Android OS has been increasing for years and Android malware cyberattacks in particular are growing in number. To provide effective countermeasures against Android malware, we need to not only detect the malware at a certain point in time but also analyze the time-series changes in the malware, given that the family of Android malware will increase in number over time. In this paper, we propose a new method for automatically creating a "family tree" of Android malware that can represent how the newly detected Android malware relates to existing Android malware and its families and how they have changed over time. Our evaluation based on two actual Android malware datasets shows that our proposed family tree can accurately represent time-series changes between malware families.

show abstract

Understanding the Responsiveness of Mobile App Developers to Software Library Updates

Cited by 11 publications

References 20 publications

Mobile Library Application in Indonesia’s Digital Libraries

Mobile Library Application in Indonesia’s Digital Libraries

ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Applications

Auto-creation of Robust Android Malware Family Trees

Contact Info

Product

Resources

About