Security Analysis of Cordova Applications in Google Play

Title: Security Analysis of Cordova Applications in Google Play
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Willocx, Michiel; Vossaert, Jan; Naessens, Vincent
Conference Name: Proceedings of the 12th International Conference on Availability, Reliability and Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-5257-4
Keywords: compositionality, Cordova, Google play, human factors, iOS Security, Metrics, Mobile application development, pubcrawl, Resiliency, security
Abstract: Mobile Cross-Platform Tools (CPTs) provide an alternative to native application development that allows mobile app developers to drastically reduce the development time and cost when targeting multiple platforms. They allow sharing a significant part of the application codebase between the implementations for the targeted platforms (e.g. Android, iOS, Windows Phone). Although CPTs provide significant benefits for developers, they can introduce several disadvantages. The CPT software layers and translation steps can impact the security of the produced applications. One of the most well-known and often-used CPTs is Cordova, formerly known as PhoneGap. Cordova has, over the years, taken several steps to reduce the attack surface and introduced several mechanisms that allow developers to increase the security of Cordova applications. This paper gives a statistical overview of the adoption of Cordova security best practices and mechanisms in Cordova applications downloaded from the Google Play Store. For the analysis, over a thousand Cordova applications were downloaded. The research shows that the poor adoption of these mechanisms leads to a significant number of insecure Cordova applications.
URL: http://doi.acm.org/10.1145/3098954.3103162
DOI: 10.1145/3098954.3103162
Citation Key: willocx_security_2017