A Developer-Centric Study Exploring Mobile Application Security Practices and Challenges

• URL: http://arxiv.org/abs/2408.09032v1
• Date: Fri, 16 Aug 2024 22:03:06 GMT
• Title: A Developer-Centric Study Exploring Mobile Application Security Practices and Challenges
• Authors: Anthony Peruma, Timothy Huo, Ana Catarina Araújo, Jake Imanaka, Rick Kazman,
• Abstract summary: This study explores the common practices and challenges that developers face in securing their apps. Our findings show that developers place high importance on security, frequently implementing features such as authentication and secure storage. We envision our findings leading to improved security practices, better-designed tools and resources, and more effective training programs.
• Score: 10.342268145364242
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Mobile applications (apps) have become an essential part of everyday life, offering convenient access to services such as banking, healthcare, and shopping. With these apps handling sensitive personal and financial data, ensuring their security is paramount. While previous research has explored mobile app developer practices, there is limited knowledge about the common practices and challenges that developers face in securing their apps. Our study addresses this need through a global survey of 137 experienced mobile app developers, providing a developer-centric view of mobile app security. Our findings show that developers place high importance on security, frequently implementing features such as authentication and secure storage. They face challenges with managing vulnerabilities, permissions, and privacy concerns, and often rely on resources like Stack Overflow for help. Many developers find that existing learning materials do not adequately prepare them to build secure apps and provide recommendations, such as following best practices and integrating security at the beginning of the development process. We envision our findings leading to improved security practices, better-designed tools and resources, and more effective training programs.

Related papers

• Foundations and Recent Trends in Multimodal Mobile Agents: A Survey [57.677161006710065]
  Mobile agents are essential for automating tasks in complex and dynamic mobile environments. Recent advancements enhance real-time adaptability and multimodal interaction. We categorize these advancements into two main approaches: prompt-based methods and training-based methods.
  arXiv  Detail & Related papers  (2024-11-04T11:50:58Z)
• MobileSafetyBench: Evaluating Safety of Autonomous Agents in Mobile Device Control [20.796190000442053]
  We introduce MobileSafetyBench, a benchmark designed to evaluate the safety of device-control agents. We develop a diverse set of tasks involving interactions with various mobile applications, including messaging and banking applications. Our experiments demonstrate that while baseline agents, based on state-of-the-art LLMs, perform well in executing helpful tasks, they show poor performance in safety tasks.
  arXiv  Detail & Related papers  (2024-10-23T02:51:43Z)
• Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow [10.342268145364242]
  We mine Stack Overflow for questions on mobile app security, which we analyze using quantitative and qualitative techniques. The findings reveal that Stack Overflow is a major resource for developers seeking help with mobile app security, especially for Android apps. Insights from this research can inform the development of tools, techniques, and resources by the research and vendor community.
  arXiv  Detail & Related papers  (2024-09-12T10:45:45Z)
• Safety through Permissibility: Shield Construction for Fast and Safe Reinforcement Learning [57.84059344739159]
  "Shielding" is a popular technique to enforce safety inReinforcement Learning (RL) We propose a new permissibility-based framework to deal with safety and shield construction.
  arXiv  Detail & Related papers  (2024-05-29T18:00:21Z)
• A Survey of Third-Party Library Security Research in Application Software [3.280510821619164]
  With the widespread use of third-party libraries, associated security risks and potential vulnerabilities are increasingly apparent. Malicious attackers can exploit these vulnerabilities to infiltrate systems, execute unauthorized operations, or steal sensitive information. Research on third-party libraries in software becomes paramount to address this growing security challenge.
  arXiv  Detail & Related papers  (2024-04-27T16:35:02Z)
• SAFER: Data-Efficient and Safe Reinforcement Learning via Skill Acquisition [59.94644674087599]
  We propose SAFEty skill pRiors (SAFER), an algorithm that accelerates policy learning on complex control tasks under safety constraints. Through principled training on an offline dataset, SAFER learns to extract safe primitive skills. In the inference stage, policies trained with SAFER learn to compose safe skills into successful policies.
  arXiv  Detail & Related papers  (2022-02-10T05:43:41Z)
• Learning Barrier Certificates: Towards Safe Reinforcement Learning with Zero Training-time Violations [64.39401322671803]
  This paper explores the possibility of safe RL algorithms with zero training-time safety violations. We propose an algorithm, Co-trained Barrier Certificate for Safe RL (CRABS), which iteratively learns barrier certificates, dynamics models, and policies.
  arXiv  Detail & Related papers  (2021-08-04T04:59:05Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• An Empirical Study on Developing Secure Mobile Health Apps: The Developers Perspective [0.0]
  MHealth apps (mHealth apps for short) are becoming integral part of mobile and pervasive computing to improve the availability and quality of healthcare services. Despite the offered benefits, mHealth apps face a critical challenge, i.e., security of health critical data that is produced and consumed by the app. Several studies have revealed that security specific issues of mHealth apps have not been adequately addressed.
  arXiv  Detail & Related papers  (2020-08-07T08:23:21Z)
• Safe Reinforcement Learning via Curriculum Induction [94.67835258431202]
  In safety-critical applications, autonomous agents may need to learn in an environment where mistakes can be very costly. Existing safe reinforcement learning methods make an agent rely on priors that let it avoid dangerous situations. This paper presents an alternative approach inspired by human teaching, where an agent learns under the supervision of an automatic instructor.
  arXiv  Detail & Related papers  (2020-06-22T10:48:17Z)
• SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps [0.0]
  SeMA is a mobile app development methodology that builds on existing mobile app design artifacts such as storyboards. An evaluation of the effectiveness of SeMA shows the methodology can detect and help prevent 49 vulnerabilities known to occur in Android apps.
  arXiv  Detail & Related papers  (2020-01-27T20:10:52Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.