Gadient, Pascal; Tarnutzer, Marc-Andrea; Nierstrasz, Oscar; Ghafari, Mohammad (October 2021). Security Smells Pervade Mobile App Servers. In: ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM). Bari, Italy (virtual event), October 11-15, 2021. doi:10.1145/3475716.3475780
Full text: Gadi21a.pdf (published version, 642kB). Restricted to registered users only; available under license, publisher holds copyright.
Abstract

Background: Web communication is universal in cyberspace, and security risks in this domain are devastating.

Aims: We analyzed the prevalence of six security smells in mobile app servers, and we investigated the consequences of these smells from a security perspective.

Method: We used an existing dataset that includes 9,714 distinct URLs used in 3,376 Android mobile apps. We exercised these URLs twice within 14 months and investigated the HTTP headers and bodies of the responses.

Results: We found that more than 69% of the tested apps suffer from three kinds of security smells, and that unprotected communication and misconfigurations are very common in servers. Moreover, source-code and version leaks, as well as the lack of update policies, expose app servers to security risks.

Conclusions: Poor app server maintenance greatly hampers security.
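The smells named in the abstract (unprotected communication, server misconfiguration, version leaks, source-code leaks) are all visible in a captured HTTP response. The checker below is an added illustration of how such a response can be inspected for them; it is not the paper's tooling and does not reproduce the paper's six-smell taxonomy. The header names it inspects, the regular expressions, the treatment of a missing HSTS header as the misconfiguration case, and the three constructed responses are assumptions of this example.

```python
"""Flag server-side security smells in captured HTTP responses.

Added example, not the paper's code. The heuristics are deliberately simple
and are assumptions of this example: a real survey would use a wider rule set.
"""
import re
from urllib.parse import urlparse

# A product/version string such as "Apache/2.2.15" or "PHP/5.3.3" (assumption).
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)*\b")
# Fragments that only appear when server code or a stack trace is returned to
# the client instead of rendered output (assumption).
SOURCE_LEAK_RE = re.compile(
    r"<\?php|Traceback \(most recent call last\)|Stack trace:|Fatal error:"
)
# Headers in which servers commonly announce their software (assumption).
IDENTIFYING_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into (status_code, headers, body).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status_code = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_code, headers, body


def find_smells(url: str, raw_response: str):
    """Return the sorted list of smell labels found for one URL/response pair."""
    _status, headers, body = parse_response(raw_response)
    scheme = urlparse(url).scheme.lower()
    smells = set()

    # Unprotected communication: the app talks to the server over plain HTTP.
    if scheme != "https":
        smells.add("unprotected-communication")

    # Version leak: an identifying header carries a version number.
    for name in IDENTIFYING_HEADERS:
        if name in headers and VERSION_RE.search(headers[name]):
            smells.add("version-leak")

    # Misconfiguration (one representative case): HTTPS endpoint without HSTS,
    # so a first request can still be downgraded to plaintext.
    if scheme == "https" and "strict-transport-security" not in headers:
        smells.add("misconfiguration")

    # Source-code leak: server-side code or a stack trace reached the client.
    if SOURCE_LEAK_RE.search(body):
        smells.add("source-code-leak")

    return sorted(smells)


def scan(samples: dict):
    """Run find_smells over a {url: raw_response} mapping."""
    return {url: find_smells(url, raw) for url, raw in samples.items()}


# Constructed sample responses (not real traffic); hostnames are placeholders.
SAMPLES = {
    "http://api.example.test/v1/config":
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/2.2.15 (CentOS)\r\n"
        "X-Powered-By: PHP/5.3.3\r\n"
        "Content-Type: application/json\r\n"
        "\r\n"
        '{"ok": true}',
    "https://api.example.test/v1/login":
        "HTTP/1.1 500 Internal Server Error\r\n"
        "Server: nginx\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
        "<b>Fatal error:</b> Uncaught Exception in /var/www/html/login.php:42\n"
        "<?php echo $secret; ?>",
    "https://api.example.test/v1/status":
        "HTTP/1.1 200 OK\r\n"
        "Server: nginx\r\n"
        "Strict-Transport-Security: max-age=31536000\r\n"
        "Content-Type: application/json\r\n"
        "\r\n"
        '{"status": "up"}',
}


if __name__ == "__main__":
    for url, smells in scan(SAMPLES).items():
        print(f"{url}: {', '.join(smells) or 'no smells found'}")
```

The first sample trips the plaintext and version-leak rules, the second leaks code through an error page and lacks HSTS, and the third is clean; a crawler that re-exercises the same URLs months apart, as the paper did, would simply diff these label sets between runs.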
Item Type: Conference or Workshop Item (Paper)
Division/Institute: 08 Faculty of Science > Institute of Computer Science (INF); 08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG) [discontinued]
UniBE Contributor: Gadient, Pascal Josef; Nierstrasz, Oscar; Ghafari, Mohammad
Subjects: 000 Computer science, knowledge & systems
Language: English
Submitter: Oscar Nierstrasz
Date Deposited: 24 Feb 2022 11:52
Last Modified: 05 Dec 2022 16:07
Publisher DOI: 10.1145/3475716.3475780
Uncontrolled Keywords: scg-pub security snf-asa3 scg21 jb22
BORIS DOI: 10.48350/165141
URI: https://boris.unibe.ch/id/eprint/165141