Android source code vulnerability detection: a systematic literature review
Article
Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L. 2023. Android source code vulnerability detection: a systematic literature review. ACM Computing Surveys. 55 (9). https://doi.org/10.1145/3556974
Type | Article |
---|---|
Title | Android source code vulnerability detection: a systematic literature review |
Authors | Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L. |
Abstract | The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques and potential improvements of those studies. Both Machine Learning (ML) based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods since many recent studies conducted experiments with ML. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions. |
Keywords | Source code vulnerability; vulnerability detection; software security; Android security; machine learning |
Sustainable Development Goals | 9 Industry, innovation and infrastructure |
Middlesex University Theme | Creativity, Culture & Enterprise |
Publisher | Association for Computing Machinery (ACM) |
Journal | ACM Computing Surveys |
ISSN | 0360-0300 |
Electronic | 1557-7341 |
Publication dates | |
Online | 16 Jan 2023 |
30 Sep 2023 | |
Publication process dates | |
Deposited | 13 Oct 2022 |
Submitted | 04 Dec 2021 |
Accepted | 08 Aug 2022 |
Output status | Published |
Accepted author manuscript | File Access Level Open |
Copyright Statement | © 2022 Association for Computing Machinery. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in ACM Computing Surveys, http://dx.doi.org/10.1145/10.1145/3556974 |
Digital Object Identifier (DOI) | https://doi.org/10.1145/3556974 |
Web of Science identifier | WOS:000924882300013 |
Language | English |
https://repository.mdx.ac.uk/item/89zv0