
Mobile App Security Trends and Topics: An Examination of Questions From Stack Overflow

Timothy Huo, Ana Catarina Araújo, Jake Imanaka, Anthony Peruma, Rick Kazman

TL;DR

This study investigates security concerns in mobile apps by mining Stack Overflow for security-related questions about Android and iOS. Using a dataset from the Stack Exchange Data Explorer (2008-2022), the authors apply quantitative analyses and Latent Dirichlet Allocation to identify growth patterns and seven topic clusters. They find that Android dominates and that seven security-topic categories recur across questions, with notable spikes around platform policy changes. The results offer actionable insights to researchers, educators, and tool vendors to better support developers in securing mobile apps, and they discuss future directions including the impact of Generative AI on developers' information-seeking behavior.

Abstract

The widespread use of smartphones and tablets has made society heavily reliant on mobile applications (apps) for accessing various resources and services. These apps often handle sensitive personal, financial, and health data, making app security a critical concern for developers. While there is extensive research on software security topics like malware and vulnerabilities, less is known about the practical security challenges mobile app developers face and the guidance they seek. In this study, we mine Stack Overflow for questions on mobile app security, which we analyze using quantitative and qualitative techniques. The findings reveal that Stack Overflow is a major resource for developers seeking help with mobile app security, especially for Android apps, and identify seven main categories of security questions: Secured Communications, Database, App Distribution Service, Encryption, Permissions, File-Specific, and General Security. Insights from this research can inform the development of tools, techniques, and resources by the research and vendor community to better support developers in securing their mobile apps.

Paper Structure (12 sections, 4 tables)