Security Smells in Android

Ghafari, Mohammad; Gadient, Pascal Josef; Nierstrasz, Oscar Marius (September 2017). Security Smells in Android. In: 17th International Working Conference on Source Code Analysis and Manipulation (SCAM) (pp. 121-130). IEEE 10.1109/SCAM.2017.24

08090145.pdf - Published Version
Restricted to registered users only
Available under License Publisher holds Copyright.


The ubiquity of smartphones, and their very broad capabilities and usage, make the security of these devices tremendously important. Unfortunately, despite all progress in security and privacy mechanisms, vulnerabilities continue to proliferate. Research has shown that many vulnerabilities are due to insecure programming practices. However, each study has often dealt with a specific issue, making the results less actionable for practitioners. To promote secure programming practices, we have reviewed related research, and identified avoidable vulnerabilities in Android-run devices and the security code smells that indicate their presence. In particular, we explain the vulnerabilities, their corresponding smells, and we discuss how they could be eliminated or mitigated during development. Moreover, we develop a lightweight static analysis tool and discuss the extent to which it successfully detects several vulnerabilities in about 46000 apps hosted by the official Android market.

Item Type:

Conference or Workshop Item (Paper)

Division/Institute:

08 Faculty of Science > Institute of Computer Science (INF)
08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG) [discontinued]

UniBE Contributor:

Ghafari, Mohammad; Gadient, Pascal Josef; Nierstrasz, Oscar

Subjects:

000 Computer science, knowledge & systems
500 Science > 510 Mathematics

Publisher:

IEEE

Language:

English

Submitter:

Oscar Nierstrasz

Date Deposited:

11 Apr 2018 11:00

Last Modified:

02 Mar 2023 23:30

Publisher DOI:

10.1109/SCAM.2017.24

Uncontrolled Keywords:

scg-pub snf-asa2 scg17 jb18

BORIS DOI:

10.7892/boris.113128

URI:

https://boris.unibe.ch/id/eprint/113128
