Beyond the Horizon: Exploring Cross-Market Security Discrepancies in Parallel Android Apps
Author(s)
Bai, G
Lin, R
Guo, J
Diao, W
Location
Tsukuba, Japan
Abstract
Multi-channel distribution of Android apps offers convenience to users, yet simultaneously introduces security concerns. Although apps published on Google Play and third-party markets share the same version code, differences in app content may still arise. Notably, a recent incident involving the third-party market version of Pinduoduo app containing malicious code highlights the intentionally-differentiated implementations of app functionalities by developers between Google Play and third-party markets. The case of Pinduoduo may be just the tip of the iceberg, underscoring the need for a comprehensive investigation of the disparities between Google Play and third-party market versions of apps. In this work, we systematically analyze the differences in security and privacy of cross-market apps that claim to share the same version code. Specifically, we propose three research questions that cover differences in app protection, security threats, and permission usage. To answer these questions, we constructed a dataset containing 17,218 app pairs (filtered from 236,731 apps) and permission mappings (27,046 SDK mappings, 1,656 ContentProvider mappings, and 309 Intent mappings) for API levels 16 - 33. This dataset enables us to perform a comprehensive differential analysis. Consequently, our investigation unveiled a series of captivating and insightful findings. Approximately 29.02% of apps show differences in one or all three aspects. For example, the third-party market versions of apps often request more permissions compared to their Google Play counterparts, particularly among apps in the game category. Our work can help developers and app store operators improve cross-market app consistency, enhancing the quality of the Android app ecosystem and user experience.
Conference Title
2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE)
Citation
Yang, S; Bai, G; Lin, R; Guo, J; Diao, W, Beyond the Horizon: Exploring Cross-Market Security Discrepancies in Parallel Android Apps, 2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE), 2024, pp. 558-569