Negative results on mining crypto-API usage rules in Android apps

Jun Gao, Pingfan Kong, Li Li, Tegawende F. Bissyande, Jacques Klein

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

4 Citations (Scopus)

Abstract

Android app developers recurrently use crypto-APIs to provide data security to app users. Unfortunately, misuse of APIs only creates an illusion of security and even exposes apps to systematic attacks. It is thus necessary to provide developers with a statically-enforceable list of specifications of crypto-API usage rules. On the one hand, such rules cannot be manually written as the process does not scale to all available APIs. On the other hand, a classical mining approach based on common usage patterns is not relevant in Android, given that a large share of usages include mistakes. In this work, building on the assumption that 'developers update API usage instances to fix misuses', we propose to mine a large dataset of updates within about 40 000 real-world app lineages to infer API usage rules. Eventually, our investigations yield negative results on our assumption that API usage updates tend to correct misuses. Actually, it appears that updates that fix misuses may be unintentional: the same misuses patterns are quickly re-introduced by subsequent updates.

Original languageEnglish
Title of host publicationProceedings - 2019 IEEE/ACM 16th International Conference on Mining Software Repositories, MSR 2019
EditorsBram Adams, Sonia Haiduc
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages388-398
Number of pages11
ISBN (Electronic)9781728134123
ISBN (Print)9781728133706
DOIs
Publication statusPublished - 2019
EventIEEE International Working Conference on Mining Software Repositories 2019 - Montreal, Canada
Duration: 26 May 201927 May 2019
Conference number: 16th
https://conf.researchr.org/home/msr-2019
https://ieeexplore.ieee.org/xpl/conhome/8804710/proceeding (Proceedings)

Conference

ConferenceIEEE International Working Conference on Mining Software Repositories 2019
Abbreviated titleMSR 2019
CountryCanada
CityMontreal
Period26/05/1927/05/19
Internet address

Keywords

  • Android
  • Cryptography
  • Rule mining

Cite this