Security code smells in Android ICC

Acar Y, Fahl S, Mazurek M (2016) You are not your developer, either: a research agenda for usable security and privacy research beyond end users. In: IEEE SecDev 2016 Ahmad W, Kästner C, Sunshine J, Aldrich J (2016) Inter-app communication in Android developer challenges. In: 2016 IEEE/ACM 13th working conference on mining software repositories (MSR). IEEE, pp 177–188 Balebako R, Cranor L (2014) Improving app privacy: nudging app developers to protect user privacy. IEEE Secur Priv 12(4):55–58 Bosu A, Liu F, Yao DD, Wang G (2017) Collusive data leak and more: large-scale threat analysis of inter-app communications. In: Proceedings of the 2017 ACM on Asia conference on computer and communications security. ACM, pp 71–85 Chin E, Felt AP, Greenwood K, Wagner D (2011) Analyzing inter-application communication in Android. In: Proceedings of the 9th international conference on mobile systems, applications, and services, MobiSys ’11. ACM, New York, pp 239–252 Felt AP, Wang HJ, Moshchuk A, Hanna S, Chin E (2011) Permission re-delegation: attacks and defenses. In: USENIX security symposium, vol 30, p 88 Garcia J, Hammad M, Ghorbani N, Malek S (2017) Automatic generation of inter-component communication exploits for Android applications. In: Proceedings of the 2017 11th joint meeting on foundations of software engineering. ACM, pp 661–671 Ghafari M, Gadient P, Nierstrasz O (2017) Security smells in Android. In: 2017 IEEE 17Th international working conference on source code analysis and manipulation (SCAM), pp 121–130 Jones BH, Chin AG (2015) On the efficacy of smartphone security: a critical analysis of modifications in business students’ practices over time. Int J Inf Manag 35 (5):561–571 Khadiranaikar B, Zavarsky P, Malik Y (2017) Improving Android application security for intent based attacks. In: 2017 8th IEEE annual information technology, electronics and mobile communication conference (IEMCON). IEEE, pp 62–67 Li L, Bartel A, Bissyandé TF, Klein J, Traon YL, Arzt S, Rasthofer S, Bodden E, Octeau D, McDaniel PM (2015) Iccta: Detecting inter-component privacy leaks in Android apps. In: Proceedings of the 37th international conference on software engineering - volume 1, ICSE ’15. IEEE Press, Piscataway, pp 280–291 Li L, Bissyandé TF, Papadakis M, Rasthofer S, Bartel A, Octeau D, Klein J, Traon Le (2017) Static analysis of Android apps: a systematic literature review. Inf Softw Technol 88:67–95 Linares-Vásquez M, Bavota G, Escobar-Velásquez C (2017) An empirical study on Android-related vulnerabilities. In: Proceedings of the 14th international conference on mining software repositories, MSR ’17. IEEE Press, Piscataway, pp 2–13 Mitra J, Ranganath V-P (2017) Ghera: a repository of Android app vulnerability benchmarks. In: Proceedings of the 13th international conference on predictive models and data analytics in software engineering. ACM, pp 43–52 Octeau D, McDaniel P, Jha S, Bartel A, Bodden E, Klein J, Traon YL (2013) Effective inter-component communication mapping in Android with Epicc: an essential step towards holistic security analysis. In: Presented as part of the 22nd USENIX security symposium (USENIX security 13). USENIX, pp 543–558 Reaves B, Bowers J, Gorski III SA, Anise O, Bobhate R, Cho R, Das H, Hussain S, Karachiwala H, Scaife N, Wright B, Butler K, Enck W, Patrick T (2016) *Droid: assessment and evaluation of Android application analysis tools. ACM Comput Surv 49(55):1–55, 30 Ren C, Zhang Y, Xue H, Wei T, Liu P (2015) Towards discovering and understanding task hijacking in Android. In: USENIX security symposium, pp 945–959 Sadeghi A, Bagheri H, Garcia J, Malek S (2016) A taxonomy and qualitative comparison of program analysis techniques for security assessment of Android software. IEEE Trans Softw Eng PP(99):1–1 Shekhar S, Dietz M, Wallach DS (2012) Adsplit: Separating smartphone advertising from applications. In: USENIX security symposium Tymchuk Y, Ghafari M, Nierstrasz O (2018) JIT Feedback — what experienced developers like about static analysis. In: Proceedings of the 26th IEEE international conference on program comprehension (ICPC’18) Wang R, Xing L, Wang X, Chen S (2013) Unauthorized origin crossing on mobile platforms threats and mitigation. In: ACM conference on computer and communications security Weir C, Rashid A, Noble J (2016) Reaching the masses: a new subdiscipline of app programmer education. In: Proceedings of the 2016 24th ACM SIGSOFT international symposium on foundations of software engineering, FSE 2016. ACM, pp 936–939 Witschey J, Zielinska O, Welk A, Murphy-Hill E, Mayhorn C, Zimmermann T (2015) Quantifying developers’ adoption of security tools. In: Proceedings of the 2015 10th joint meeting on foundations of software engineering, ESEC/FSE 2015. ACM, pp 260–271 Lei W, Grace M, Zhou Y, Chiachih W, Jiang X (2013) The impact of vendor customizations on Android security. In: Proceedings of the 2013 ACM SIGSAC conference on computer & communications security, CCS ’13. ACM, New York, pp 623–634 Xie J, Lipford HR, Chu B (2011) Why do programmers make security errors?. In: 2011 IEEE symposium on visual languages and human-centric computing (VL/HCC), pp 161–164 Xie J, Xiao F, Xiaojiang D, Luo B, Guizani M (2017) Autopatchdroid: a framework for patching inter-app vulnerabilities in Android application. In: 2017 IEEE international conference on communications (ICC). IEEE, pp 1–6 Meng X, Song C, Ji Y, Shih M-W, Lu K, Zheng C, Duan R, Jang Y, Lee B, Qian C, et al (2016) Toward engineering a secure Android ecosystem: a survey of existing techniques. ACM Comput Surv (CSUR) 49(2):38