Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow

TL;DR

This paper analyzes Stack Overflow questions to identify key mobile app security concerns, revealing prevalent topics and highlighting the need for targeted developer support and resources.

Contribution

It provides a novel analysis of real-world developer questions on mobile security, categorizing common issues and informing future tool and resource development.

Findings

Stack Overflow is a major resource for mobile security questions

Seven main categories of security questions identified

Most questions focus on Android app security

Abstract

The widespread use of smartphones and tablets has made society heavily reliant on mobile applications (apps) for accessing various resources and services. These apps often handle sensitive personal, financial, and health data, making app security a critical concern for developers. While there is extensive research on software security topics like malware and vulnerabilities, less is known about the practical security challenges mobile app developers face and the guidance they seek. In this study, we mine Stack Overflow for questions on mobile app security, which we analyze using quantitative and qualitative techniques. The findings reveal that Stack Overflow is a major resource for developers seeking help with mobile app security, especially for Android apps, and identifies seven main categories of security questions: Secured Communications, Database, App Distribution Service, Encryption, Permissions, File-Specific, and General Security. Insights from this research can inform the development of tools, techniques, and resources by the research and vendor community to better support developers in securing their mobile apps.