Quality analysis of iOS applications with focus on maintainability and security aspects
Kuupäev
2023-10-09
Autorid
Ajakirja pealkiri
Ajakirja ISSN
Köite pealkiri
Kirjastaja
Abstrakt
Nutitelefonidest on saanud meie elu lahutamatu osa. Iga asja jaoks on olemas äpp: sõnumite saatmiseks, internetipanga külastuseks, auto lukust avamiseks. Kahjuks on paljud neist rakendustest ebaturvalised. Turvavigu on avastatud sellistes rakendustes nagu Facebook, TikTok ja WhatsApp. Nende turvavigade raskusaste võib ulatuda andmelekkest kuni pahaloomulise koodi käivitamiseni, mis ohustavad meie kõige privaatsemaid andmeid. Androidi rakenduste kohta on läbi viidud palju uurin-guid, mis analüüsivad koodi kvaliteedi erinevaid aspekte, nagu hooldatavus ja turvalisus. On vähe toetavaid tööriistu ja iOS-i rakenduste kohta on teostatud väga vähe uurimistöid. iOS-i populaarsuse tõttu on oluline toetada arendajaid kvaliteetsete rakenduste loomisel nii turvalisuse kui ka hooldata-vuse osas.
Selle lõputöö eesmärk on täiustada nii arendajate kui ka teadlaste tööriistade tuge ning täita mõned iOS-i rakenduste hooldatavuse ja turvalisusega seotud uurimislüngad. Esmalt arendasime välja Graphi-fySwifti – tööriista, mis tuvastab Swiftis kirjutatud projektides kasinaid koodimustreid. Seejärel rakendasime GraphifySwifti avatud lähtekoodiga iOS-i rakendustele ning analüüsisime kasinate koodimustrite levikut ja sagedust. Lisaks võrdlesime kasinaid koodimustreid iOS-i ja Androidi rakendustes. Nende täiendavate analüüside põhjal töötasime välja GraphfiyEvolutioni, laiendatava tööriista, mis suudab analüüsida nii hetkeseisu kui ka projektide arengut. Kasutasime GraphifyEvolutionit esialgseks kasinate koodimustrid evolutsiooni analüüsiks.
Arendasime SwiftDependencyCheckeri – tööriista, mis leiab iOS-i rakendustest teavet kolmandate osapoolte teekide sõltuvuste kohta ja tuvastab ebaturvalised sõltuvused. Kasutasime GraphifyEvolutionit ja SwiftDependencyCheckerit, et luua Swifti ökosüsteemi kolmandate osapoolte raamistike jaoks raamistike sõltuvusvõrgu andmekogu. Kasutasime seda andmekogumit Swifti ökosüsteemi erinevate aspektide uurimiseks. Analüüsisime Swifti ökosüsteemi üldist arengut, paketihaldurite kasutamist, tehnilist välga raamistike sõltuvustes ja turvavigade levikut.
Smartphones have become an inseparable component in our lives. There is an app for everything: messaging, online banking, unlocking the car. Unfortunately, many of these apps are insecure. Vul-nerabilities have been discovered in apps such as Facebook, TikTok, and WhatsApp. The severity of such vulnerabilities can range from information disclosure to remote code execution jeopardising our most private data. Many studies have been conducted on Android apps analysing different aspects of code quality such as maintainability and security. Very little tooling support and almost no research exists on iOS apps. Due to its popularity, it is important to support developers in building quality apps both in regards to security and maintainability for iOS. The goal of this thesis is to improve tool support for both developers and researchers and to fill some of the research gaps related to maintainability and security of iOS apps. We first developed Graphi-fySwift, a tool that detects code smells in projects written in Swift. Then, we applied GraphifySwift to open source iOS apps and analysed the distribution and frequency of code smells. Additionally, we compared code smells in iOS and Android apps. Based on these additional analyses we developed GraphfiyEvolution, an extendable tool that can analyse both snapshots and the evolution of projects. We used GraphifyEvolution for a preliminary code smell evolution analysis. We implemented SwiftDependencyChekcer, a tool that extracts information on third-party library de-pendencies from iOS apps and detects vulnerable dependencies. We used GraphifyEvolution and SwiftDependencyChecker to build a library dependency network (LDN) dataset for third-party librar-ies in the Swift ecosystem. We used this dataset to study different aspects of the Swift LDN. We ana-lysed the overall evolution of the Swift LDN, the use of package managers, technical lag in library dependencies and the spread of vulnerabilities.
Smartphones have become an inseparable component in our lives. There is an app for everything: messaging, online banking, unlocking the car. Unfortunately, many of these apps are insecure. Vul-nerabilities have been discovered in apps such as Facebook, TikTok, and WhatsApp. The severity of such vulnerabilities can range from information disclosure to remote code execution jeopardising our most private data. Many studies have been conducted on Android apps analysing different aspects of code quality such as maintainability and security. Very little tooling support and almost no research exists on iOS apps. Due to its popularity, it is important to support developers in building quality apps both in regards to security and maintainability for iOS. The goal of this thesis is to improve tool support for both developers and researchers and to fill some of the research gaps related to maintainability and security of iOS apps. We first developed Graphi-fySwift, a tool that detects code smells in projects written in Swift. Then, we applied GraphifySwift to open source iOS apps and analysed the distribution and frequency of code smells. Additionally, we compared code smells in iOS and Android apps. Based on these additional analyses we developed GraphfiyEvolution, an extendable tool that can analyse both snapshots and the evolution of projects. We used GraphifyEvolution for a preliminary code smell evolution analysis. We implemented SwiftDependencyChekcer, a tool that extracts information on third-party library de-pendencies from iOS apps and detects vulnerable dependencies. We used GraphifyEvolution and SwiftDependencyChecker to build a library dependency network (LDN) dataset for third-party librar-ies in the Swift ecosystem. We used this dataset to study different aspects of the Swift LDN. We ana-lysed the overall evolution of the Swift LDN, the use of package managers, technical lag in library dependencies and the spread of vulnerabilities.
Kirjeldus
Väitekirja elektrooniline versioon ei sisalda publikatsioone
Märksõnad
smartphones, mobile applications, iPhone OS, information security, sowtware maintenance