KotlinDetector: Towards Understanding the Implications of Using Kotlin in Android Applications

Autor: Fadi Mohsen, Fatih Turkmen, Loran Oosterhaven
Přispěvatelé: Information Systems
Rok vydání: 2021
Předmět:
Zdroj: MOBILESoft@ICSE
2021 IEEE/ACM 8th International Conference on Mobile Software Engineering and Systems (MobileSoft): Proceedings, 8th IEEE/ACM International Conference on Mobile Software Engineering and Systems, 84-93
DOI: 10.48550/arxiv.2105.09591
Popis: Java programming language has been long used to develop native Android mobile applications. In the last few years many companies and freelancers have switched into using Kotlin partially or entirely. As such, many projects are released as binaries and employ a mix of Java and Kotlin language constructs. Yet, the true security and privacy implications of this shift have not been thoroughly studied. In this work, a state-of-the-art tool, KotlinDetector, is developed to directly extract any Kotlin presence, percentages, and numerous language features from Android Application Packages (APKs) by performing heuristic pattern scanning and invocation tracing. Our evaluation study shows that the tool is considerably efficient and accurate. We further provide a use case in which the output of the KotlinDetector is combined with the output of an existing vulnerability scanner tool called AndroBugs to infer any security and/or privacy implications.
Databáze: OpenAIRE