Android source code vulnerability detection: a systematic literature review

Senanayake, Janaka, Kalutarage, Harsha, Al-Kadri, Mhd Omar, Petrovski, Andrei and Piras, Luca ORCID: https://orcid.org/0000-0002-7530-4119 (2022) Android source code vulnerability detection: a systematic literature review. ACM Computing Surveys . ISSN 0360-0300 [Article] (Published online first) (doi:10.1145/3556974)

Preview

PDF - Final accepted version (with author's formatting)
Download (1MB) | Preview

Official URL: https://doi.org/10.1145/3556974

Abstract

The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques and potential improvements of those studies. Both Machine Learning (ML) based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods since many recent studies conducted experiments with ML. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions.

Item Type:	Article
Sustainable Development Goals:	Goal 9: Industry, Innovation, and Infrastructure
Theme:	Creativity, Culture & Enterprise
Keywords (uncontrolled):	Machine Learning, Android Security, Software Security, Vulnerability Detection, Source Code Vulnerability
Research Areas:	A. > School of Science and Technology > Computer Science
Item ID:	35929
Notes on copyright:	© 2022 Association for Computing Machinery. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ACM Computing Surveys, http://dx.doi.org/10.1145/10.1145/3556974
Useful Links:	Middlesex University Expert Profile
Depositing User:	Luca Piras
Date Deposited:	13 Oct 2022 08:40
Last Modified:	17 Feb 2023 15:02
URI:	https://eprints.mdx.ac.uk/id/eprint/35929

Actions (login required)

View Item

Statistics

DownloadsShow export options

Activity Overview

6 month trend

182Downloads

6 month trend

48Hits

Additional statistics are available via IRStats2.

CORE (COnnecting REpositories)