Data and Documentation
Open Data Policy
FAQ
EN
DE
FR
Suchbegriff
Advanced search
Publication
Back to overview
Security Code Smells in Android ICC
Type of publication
Peer-reviewed
Publikationsform
Original article (peer-reviewed)
Author
Gadient Pascal, Ghafari Mohammad, Frischknecht Patrick, Nierstrasz Oscar,
Project
Agile Software Assistance
Show all
Original article (peer-reviewed)
Journal
Empirical Software Engineering
Editor
, Lo David; , Zhao Jianjun; , De Roover Coen
Publisher
Springer US
Volume (Issue)
24
Page(s)
3046 - 3076
Title of proceedings
Empirical Software Engineering
DOI
10.1007/s10664-018-9673-y
Open Access
URL
https://link.springer.com/article/10.1007/s10664-018-9673-y
Type of Open Access
Publisher (Gold Open Access)
Abstract
Android Inter-Component Communication (ICC) is complex, largely unconstrained, and hard for developers to understand. As a consequence, ICC is a common source of security vulnerability in Android apps. To promote secure programming practices, we have reviewed related research, and identified avoidable ICC vulnerabilities in Android-run devices and the security code smells that indicate their presence. We explain the vulnerabilities and their corresponding smells, and we discuss how they can be eliminated or mitigated during development. We present a lightweight static analysis tool on top of Android Lint that analyzes the code under development and provides just-in-time feedback within the IDE about the presence of such smells in the code. Moreover, with the help of this tool we study the prevalence of security code smells in more than 700 open-source apps, and manually inspect around 15% of the apps to assess the extent to which identifying such smells uncovers ICC security vulnerabilities.
-