
A Study on the Vulnerabilities of Mobiles Apps Associated with Software Modules - r721
https://arxiv.org/abs/1702.03112
======
r721
Abstract for the lazy:

"This paper reports a large-scale study that aims to understand how mobile
application (app) vulnerabilities are associated with software libraries. We
analyze both free and paid apps. Studying paid apps was quite meaningful
because it helped us understand how differences in app development/maintenance
affect the vulnerabilities associated with libraries. We analyzed 30k free and
paid apps collected from the official Android marketplace. Our extensive
analyses revealed that approximately 70%/50% of vulnerabilities of free/paid
apps stem from software libraries, particularly from third-party libraries.
Somewhat paradoxically, we found that more expensive/popular paid apps tend to
have more vulnerabilities. This comes from the fact that more
expensive/popular paid apps tend to have more functionality, i.e., more code
and libraries, which increases the probability of vulnerabilities. Based on
our findings, we provide suggestions to stakeholders of mobile app
distribution ecosystems."

