KotlinDetector: Towards Understanding the Implications of Using Kotlin in Android Applications
Author: | Fadi Mohsen, Fatih Turkmen, Loran Oosterhaven |
---|---|
Contributors: | Information Systems |
Publication year: | 2021 |
Subject: | FOS: Computer and information sciences; Computer Science - Cryptography and Security; Java; Computer science; business.industry; Heuristic; Feature extraction; Tracing; Software quality; Software Engineering (cs.SE); Computer Science - Software Engineering; cs.SE; cs.CR; Android (operating system); Software engineering; business; computer; Cryptography and Security (cs.CR); Kotlin; Language construct; computer.programming_language |
Source: | MOBILESoft@ICSE 2021 IEEE/ACM 8th International Conference on Mobile Software Engineering and Systems (MobileSoft): Proceedings, 8th IEEE/ACM International Conference on Mobile Software Engineering and Systems, 84-93 |
DOI: | 10.48550/arxiv.2105.09591 |
Description: | The Java programming language has long been used to develop native Android mobile applications. In the last few years, many companies and freelancers have switched to using Kotlin partially or entirely. As such, many projects are released as binaries and employ a mix of Java and Kotlin language constructs. Yet, the true security and privacy implications of this shift have not been thoroughly studied. In this work, a state-of-the-art tool, KotlinDetector, is developed to directly extract any Kotlin presence, percentages, and numerous language features from Android Application Packages (APKs) by performing heuristic pattern scanning and invocation tracing. Our evaluation study shows that the tool is considerably efficient and accurate. We further provide a use case in which the output of KotlinDetector is combined with the output of an existing vulnerability scanner tool called AndroBugs to infer any security and/or privacy implications. |
Database: | OpenAIRE |