Security Smells Pervade Mobile App Servers

Gadient, Pascal; Tarnutzer, Marc-Andrea; Nierstrasz, Oscar; Ghafari, Mohammad (October 2021). Security Smells Pervade Mobile App Servers. In: ACM / IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM). Bari, Italy (Virtual event). October 11-15, 2021. 10.1145/3475716.3475780

Gadi21a.pdf - Published Version
Restricted to registered users only
Available under License Publisher holds Copyright.

Background: Web communication is universal in cyberspace, and security risks in this domain are devastating.

Aims: We analyzed the prevalence of six security smells in mobile app servers, and we investigated the consequences of these smells from a security perspective.

Method: We used an existing dataset that includes 9,714 distinct URLs used in 3,376 Android mobile apps. We exercised these URLs twice within 14 months and investigated the HTTP headers and bodies.

Results: We found that more than 69% of tested apps suffer from three kinds of security smells, and that unprotected communication and misconfigurations are very common in servers. Moreover, source-code and version leaks, or the lack of update policies, expose app servers to security risks.

Conclusions: Poor app server maintenance greatly hampers security.

Item Type:

Conference or Workshop Item (Paper)

Division/Institute:

08 Faculty of Science > Institute of Computer Science (INF)
08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG) [discontinued]

UniBE Contributor:

Gadient, Pascal Josef, Nierstrasz, Oscar, Ghafari, Mohammad

Subjects:

000 Computer science, knowledge & systems

Language:

English

Submitter:

Oscar Nierstrasz

Date Deposited:

24 Feb 2022 11:52

Last Modified:

05 Dec 2022 16:07

Publisher DOI:

10.1145/3475716.3475780

Uncontrolled Keywords:

scg-pub security snf-asa3 scg21 jb22

BORIS DOI:

10.48350/165141

URI:

https://boris.unibe.ch/id/eprint/165141
