
A Developer-Centric Study Exploring Mobile Application Security Practices and Challenges

Anthony Peruma, Timothy Huo, Ana Catarina Araújo, Jake Imanaka, Rick Kazman

TL;DR

This study delivers a developer-centric view of mobile app security by surveying 137 experienced developers across 22 countries to identify common security practices, challenges, and trusted resources. It finds that features like authentication, permissions, and secure storage are frequently implemented, while non-technical constraints (e.g., limited resources) and technical issues (e.g., third-party library vulnerabilities) hinder secure development. The work also reveals a reliance on Stack Overflow and a broad mix of resources, yet it shows that current learning materials often fail to adequately prepare developers for real-world security tasks, prompting recommendations for proactive security integration, vulnerability scanning, and improved education. The authors propose organizational mechanisms like a Security Resource Center and future case studies to better understand training effectiveness and organizational policies, aiming to elevate practical security outcomes in mobile app development.

Abstract

Mobile applications (apps) have become an essential part of everyday life, offering convenient access to services such as banking, healthcare, and shopping. With these apps handling sensitive personal and financial data, ensuring their security is paramount. While previous research has explored mobile app developer practices, there is limited knowledge about the common practices and challenges that developers face in securing their apps. Our study addresses this need through a global survey of 137 experienced mobile app developers, providing a developer-centric view of mobile app security. Our findings show that developers place high importance on security, frequently implementing features such as authentication and secure storage. They face challenges with managing vulnerabilities, permissions, and privacy concerns, and often rely on resources like Stack Overflow for help. Many developers find that existing learning materials do not adequately prepare them to build secure apps and provide recommendations, such as following best practices and integrating security at the beginning of the development process. We envision our findings leading to improved security practices, better-designed tools and resources, and more effective training programs.

Paper Structure (14 sections, 6 figures, 5 tables)

This paper contains 14 sections, 6 figures, 5 tables.

Figures (6)

  • Figure 1: Extent of involvement in mobile app development.
  • Figure 2: Importance of security during app development.
  • Figure 3: Stack Overflow usage for app security help.
  • Figure 4: Finding helpful security information on Stack Overflow.
  • Figure 5: Frequency of asking questions on Stack Overflow.
  • ...and 1 more figure