Analyzing and automatically labelling the types of user issues that are raised in mobile app reviews

Mobile app reviews by users contain a wealth of information on the issues that users are experiencing. For example, a review might contain a feature request, a bug report, and/or a privacy complaint. Developers, users and app store owners (e.g. Apple, Blackberry, Google, Microsoft) can benefit from a better understanding of these issues – developers can better understand users’ concerns, app store owners can spot anomalous apps, and users can compare similar apps to decide which ones to download or purchase. However, user reviews are not labelled, e.g. we do not know which types of issues are raised in a review. Hence, one must sift through potentially thousands of reviews with slang and abbreviations to understand the various types of issues. Moreover, the unstructured and informal nature of reviews complicates the automated labelling of such reviews. In this paper, we study the multi-labelled nature of reviews from 20 mobile apps in the Google Play Store and Apple App Store. We find that up to 30 % of the reviews raise various types of issues in a single review (e.g. a review might contain a feature request and a bug report). We then propose an approach that can automatically assign multiple labels to reviews based on the raised issues with a precision of 66 % and recall of 65 %. Finally, we apply our approach to address three proof-of-concept analytics use case scenarios: (i) we compare competing apps to assist developers and users, (ii) we provide an overview of 601,221 reviews from 12,000 apps in the Google Play Store to assist app store owners and developers and (iii) we detect anomalous apps in the Google Play Store to assist app store owners and users.     

An empirical study of emergency updates for top android mobile apps

The mobile app market continues to grow at a tremendous rate. The market provides a convenient and efficient distribution mechanism for updating apps. App developers continuously leverage such mechanism to update their apps at a rapid pace. The mechanism is ideal for publishing emergency updates (i.e., updates that are published soon after the previous update). In this paper, we study such emergency updates in the Google Play Store. Examining more than 44,000 updates of over 10,000 mobile apps in the Google Play Store, we identify 1,000 emergency updates. By studying the characteristics of such emergency updates, we find that the emergency updates often have a long lifetime (i.e., they are rarely followed by another emergency update). Updates preceding emergency updates often receive a higher ratio of negative reviews than the emergency updates. However, the release notes of emergency updates rarely indicate the rationale for such updates. Hence, we manually investigate the binary changes of several of these emergency updates. We find eight patterns of emergency updates. We categorize these eight patterns along two categories “Updates due to deployment issues” and “Updates due to source code changes”. We find that these identified patterns of emergency updates are often associated with simple mistakes, such as using a wrong resource folder (e.g., images or sounds) for an app. We manually examine each pattern and document its causes and impact on the user experience. App developers should carefully avoid these patterns in order to improve the user experience.     

Effects of the aesthetic design of icons on app downloads: evidence from an android market

With the rapid development of the mobile app market, understanding the determinants of mobile app success has become vital to researchers and mobile app developers. Extant research on mobile applications primarily focused on the numerical and textual attributes of apps. Minimal attention has been provided to how the visual attributes of apps affect the download behavior of users. Among the features of app “appearance”, this study focuses on the effects of app icon on demand. With aesthetic product and interface design theories, we analyze icons from three aspects, namely, color, complexity, and symmetry, through image processing. Using a dataset collected from one of the largest Chinese Android websites, we find that icon appearance influences the download behavior of users. Particularly, apps with icons featuring higher colorfulness, proper complexity, and slight asymmetry lead to more downloads. These findings can help developers design their apps.     

面向海量软件的未知恶意代码检测方法

软件应用市场级别的安全审查需要同时具备准确性和可扩展性。然而,当前的审查机制效率通常较低,难以应对新的威胁。我们通过研究发现,恶意软件作者通过对几个合法应用重打包,将同一段恶意代码放在不同的应用中进行传播。这样,恶意代码通常出现在几个同源应用中多出的代码部分和非同源应用中相同的代码部分。基于上述发现,我们开发出一套大规模的软件应用检测系统——MassVet。它无需知道恶意代码的代码特征或行为特征就可以快速的检测恶意代码。现有的检测机制通常会利用一些复杂的程序分析,而本文方法仅需要通过对比上传的软件应用与市场上存在的应用,尤其关注具有相同视图结构的应用中不同的代码,以及互不相关的应用中相同的部分。当移除公共库和一些合法的重用代码片段后,这些相同或不同的代码部分就变得高度可疑。我们把应用的视图结构或函数的控制流图映射为一个值,并基于此进行DiffCom分析。我们设计了基于流水线的分析引擎,并对来自33个应用市场共计120万个软件应用进行了大规模分析。实验证明我们的方法可以在10秒内检测一个应用,并且误报率很低。另外,在检测覆盖率上,MassVet超过了VirusTotal中的54个扫描器（包括NOD32、Symantec和McAfee等）,扫描出近10万个恶意软件,其中超过20个为零日（zero-day）恶意软件,下载次数超过百万。另外,这些应用也揭示了很多有趣的现象,例如谷歌的审查策略和恶意软件作者躲避检测策略之间的不断对抗,导致Google Play中一些被下架的应用会重新出现等。     

Mobile app portfolio management and developers’ performance: An empirical study of the apple app store

We examine the impacts of mobile app category assortment of developers’ app portfolios on app performance in terms of quality and popularity. First, using data from the Apple App Store, we find a negative effect of portfolio diversity on developers’ app quality, which is negatively moderated by portfolio size. Second, we uncover spillover effects on app popularity, where existing (new) apps of a developer can influence the popularity of new (existing) apps both within and across app categories (only within the same app category). Importantly, our empirical analyses account for potential endogeneity biases using matching, selection, and simultaneous equations models.     

VAnDroid: A framework for vulnerability analysis of Android applications using a model-driven reverse engineering technique

Android is extensively used worldwide by mobile application developers. Android provides applications with a message passing system to communicate within and between them. Due to the risks associated with this system, it is vital to detect its unsafe operations and potential vulnerabilities. To achieve this goal, a new framework, called VAnDroid, based on Model Driven Reverse Engineering (MDRE), is presented that identifies security risks and vulnerabilities related to the Android application communication model. In the proposed framework, some security-related information included in an Android app is automatically extracted and represented as a domain-specific model. Then, it is used for analyzing security configurations and identifying vulnerabilities in the corresponding application. The proposed framework is implemented as an Eclipse-based tool, which automatically identifies the Intent Spoofing and Unauthorized Intent Receipt as two attacks related to the Android application communication model. To evaluate the tool, it has been applied to several real-world Android applications, including 20 apps from Google Play and 110 apps from the F-Droid repository. VAnDroid is also compared with several existing analysis tools, and it is shown that it has a number of key advantages over those tools specifically regarding its high correctness, scalability, and usability in discovering vulnerabilities. The results well indicate the effectiveness and capacity of the VAnDroid as a promising approach in the field of Android security.     

Network-based detection of Android malicious apps

Users leverage mobile devices for their daily Internet needs by running various mobile applications (apps) such as social networking, e-mailing, news-reading, and video/audio streaming. Mobile device have become major targets for malicious apps due to their heavy network activity and is a research challenge in the current era. The majority of the research reported in the literature is focused on host-based systems rather than the network-based; unable to detect malicious activities occurring on mobile device through the Internet. This paper presents a detection app model for classification of apps. We investigate the accuracy of various machine learning models, in the context of known and unknown apps, benign and normal apps, with or without encrypted message-based app, and operating system version independence of classification. The best resulted machine learning(ML)-based model is embedded into the detection app for efficient and effective detection. We collect a dataset of network activities of 18 different malware families-based apps and 14 genuine apps and use it to develop ML-based detectors. We show that, it is possible to detect malicious app using network traces with the traditional ML techniques, and results revealed the accuracy (95–99.9 %) in detection of apps in different scenarios. The model proposed is proved efficient and suitable for mobile devices. Due to the widespread penetration of Android OS into the market, it has become the main target for the attackers. Hence, the proposed system is deployed on Android environment.     

Studying the consistency of star ratings and the complaints in 1 & 2-star user reviews for top free cross-platform Android and iOS apps

How users rate a mobile app via star ratings and user reviews is of utmost importance for the success of an app. Recent studies and surveys show that users rely heavily on star ratings and user reviews that are provided by other users, for deciding which app to download. However, understanding star ratings and user reviews is a complicated matter, since they are influenced by many factors such as the actual quality of the app and how the user perceives such quality relative to their expectations, which are in turn influenced by their prior experiences and expectations relative to other apps on the platform (e.g., iOS versus Android). Nevertheless, star ratings and user reviews provide developers with valuable information for improving the overall impression of their app. In an effort to expand their revenue and reach more users, app developers commonly build cross-platform apps, i.e., apps that are available on multiple platforms. As star ratings and user reviews are of such importance in the mobile app industry, it is essential for developers of cross-platform apps to maintain a consistent level of star ratings and user reviews for their apps across the various platforms on which they are available. In this paper, we investigate whether cross-platform apps achieve a consistent level of star ratings and user reviews. We manually identify 19 cross-platform apps and conduct an empirical study on their star ratings and user reviews. By manually tagging 9,902 1 & 2-star reviews of the studied cross-platform apps, we discover that the distribution of the frequency of complaint types varies across platforms. Finally, we study the negative impact ratio of complaint types and find that for some apps, users have higher expectations on one platform. All our proposed techniques and our methodologies are generic and can be used for any app. Our findings show that at least 79% of the studied cross-platform apps do not have consistent star ratings, which suggests that different quality assurance efforts need to be considered by developers for the different platforms that they wish to support.     

Cybersecurity for Android Applications: Permissions in Android 5 and 6

Android 5 informs users of all permissions requested when downloading an app and gives users an all-or-nothing acceptance decision to make for the permissions. In contrast, Android 6 informs users of each permission upon first use of the downloaded app. We conducted an online study with participants recruited through Amazon Mechanical Turk to compare the relative usability of the two permissions interfaces. Each interface condition contained a simulation of the Google Play Store and instructed participants to role-play the task of downloading an app. Afterward, each participant was questioned about which permissions were seen and the functions of those permissions. The Android 5 interface showed better performance with informing users as to which permissions access their device, whereas the Android 6 interface fared better with presenting the functions of the permissions. Also, the Android 6 interface was found to be more intuitive to use than that of Android 5. Although a pilot study showed that users favored the Android 6 permissions interface over Android 5’s, the present study found no clear evidence that it was more effective than Android 5.     

Status and trends of mobile-health applications for iOS devices: A developer's perspective

Modern smart mobile devices offer media-rich and context-aware features that are highly useful for electronic-health (e-health) applications. It is therefore not surprising that these devices have gained acceptance as target devices for e-health applications, turning them into m-health (mobile-health) apps. In particular, many e-health application developers have chosen Apple's iOS mobile devices such as iPad, iPhone, or iPod Touch as the target device to provide more convenient and richer user experience, as evidenced by the rapidly increasing number of m-health apps in Apple's App Store. In this paper, the top two hundred of such apps from the App Store were examined from a developer's perspective to provide a focused overview of the status and trends of iOS m-health apps and an analysis of related technology, architecture, and user interface design issues. The top 200 apps were classified into different groups according to their purposes, functions, and user satisfaction. It was shown that although the biggest group of apps was medical information reference apps that were delivered from or related to medical articles, websites, or journals, mobile users disproportionally favored tracking tools. It was clear that m-health apps still had plenty of room to grow to take full advantage of unique mobile platform features and truly fulfill their potential. In particular, introduction of two- or three-dimensional visualization and context-awareness could further enhance m-health app's usability and utility. This paper aims to serve as a reference point and guide for developers and practitioners interested in using iOS as a platform for m-health applications, particular from the technical point of view.     

An automatically vetting mechanism for SSL error-handling vulnerability in android hybrid Web apps

A large set of diverse hybrid mobile apps, which use both native Android app UIs and Web UIs, are widely available in today’s smartphones. These hybrid apps usually use SSL or TLS to secure HTTP based communication. However, researchers show that incorrect implementation of SSL or TLS may lead to serious security problems, such as Man-In-The-Middle (MITM) attacks and phishing attacks. This paper investigates a particular SSL vulnerability that results from error-handling code in the hybrid mobile Web apps. Usually such error-handling code is used to terminate an ongoing communication, but the vulnerability of interest is able to make the communication proceed regardless of SSL certificate verification failures, eventually lead to MITM attacks. To identify those vulnerable apps, we develop a hybrid approach, which combines both static analysis and dynamic analysis to (1) automatically distinguish the native Android UIs and Web UIs, and execute the Web UIs to trigger the error-handling code; (2) accurately select the correct paths from the app entry-point to the targeted code, meanwhile avoiding the crash of apps, and populate messaging objects for the communication between components. Specifically, we construct inter-component call graphs to model the connections, and design algorithms to select the paths from the established graph and determine the parameters by backtracing. To evaluate our approach, we have implemented and tested it with 13,820 real world mobile Web apps from Google Play. The experimental results demonstrate that 1,360 apps are detected as potentially vulnerable ones solely using the static analysis. The dynamic analysis process further confirms that 711 apps are truly vulnerable among the potentially vulnerable set.     

Fresh apps: an empirical study of frequently-updated mobile apps in the Google play store

Mobile app stores provide a unique platform for developers to rapidly deploy new updates of their apps. We studied the frequency of updates of 10,713 mobile apps (the top free 400 apps at the start of 2014 in each of the 30 categories in the Google Play store). We find that a small subset of these apps (98 apps representing ?1 % of the studied apps) are updated at a very frequent rate — more than one update per week and 14 % of the studied apps are updated on a bi-weekly basis (or more frequently). We observed that 45 % of the frequently-updated apps do not provide the users with any information about the rationale for the new updates and updates exhibit a median growth in size of 6 %. This paper provides information regarding the update strategies employed by the top mobile apps. The results of our study show that 1) developers should not shy away from updating their apps very frequently, however the frequency varies across store categories. 2) Developers do not need to be too concerned about detailing the content of new updates. It appears that users are not too concerned about such information. 3) Users highly rank frequently-updated apps instead of being annoyed about the high update frequency.     

面向安卓应用建模的IFML扩展

随着智能机以及平板电脑的普及,安卓应用逐渐成为日常生活中不可或缺的重要元素之一,其复杂度也呈几何倍数增长.安卓平台存在的多设备类型、多操作系统版本问题,使得应用的设计和开发更为复杂.在这一现状下,提倡在安卓应用开发中使用模型来描述其开发需求与设计,以帮助开发人员更好地将注意力集中于应用,加深对开发意图的理解,更好地进行后续的开发工作.然而,当前对安卓应用的建模都采用了传统模型,无法满足安卓应用事件驱动和注重图形用户界面的特点.为此,将注重前端展示以及事件交互的交互流建模语言（IFML）应用于安卓应用的建模,描述应用中的GUI结构以及其中工作流的传递,从而指导应用的开发工作.考虑到安卓平台的特点,对IFML进行了相应的面向安卓的扩展,提高了其可用性与对安卓应用的适用性,并对IFML模型进行了形式化定义,使得IFML模型能以丰富而又精确的语义来刻画开发者对于安卓应用的设计,并在应用的实现和演化中不断发挥指导作用.另外,进一步探索了IFML模型在应用测试这一场景中的作用.基于模型的测试方法能够检验设计和实现的一致性,还能在应用的演化过程中避免测试用例的重复编写.在案例研究中,针对5个安卓应用进行了IFML建模与测试.实验结果表明,扩展后的IFML在安卓应用的建模上可行、有效,所建立的IFML模型可直接用于测试工作,用于检测应用实现与设计是否保持一致,从而保证应用的开发质量.     

Forensic taxonomy of android productivity apps

Android productivity apps have provided the facility of having a constantly accessible and productive workforce to the information and work capabilities needed by the users. With hundreds of productivity apps available in the Android app market, it is necessary to develop a taxonomy for the forensic investigators and the end users to allow them to know what personal data remnants are available from the productivity apps. In this paper, 30 popular Android productivity apps were examined. A logical extraction of the Android phone was collected by using a well-known mobile forensic tool- XRY to extract various information of forensic interest such as user email ID and list of tasks. Based on the findings, a two-dimensional taxonomy of the forensic artefacts of the productivity apps is proposed with the app categories in one dimension and the classes of artefacts in the other dimension. The artefacts identified in the study of the apps are summarised using the taxonomy. In addition, a comparison with the existing forensic taxonomies of different categories of Android apps is provided to facilitate timely collection and analysis of evidentiary materials from mobile devices.     

EPE‐Mobile—A framework for early performance estimation of mobile applications

Considering the constrained resources of mobile devices, a thorough performance evaluation of a mobile application is crucial. However, performance evaluation in the mobile domain is still a manual and time‐consuming task. The diversity of mobile devices only increases the complexity of this task. We propose EPE‐Mobile, a framework to automate early performance estimation in mobile applications. It is composed of a configurable library of basic operations and an engine that automatically creates a synthetic program based on the specification of a new app. The synthetic program that EPE‐Mobile generates provides feedback for mobile developers at the first design stages and before the actual implementation of a new application. The fast evaluation can also guide developers in optimizing their applications or in choosing devices with the best trade‐off between cost and performance to run a given application. Finally, developers can reuse the data collection infrastructure of the framework to collect performance data during all development stages. We validate the proposed framework using 4 applications from the Android Play Store. Based on their specifications, 4 synthetic programs were generated and executed on different devices. We compared the results to those obtained from the execution of the actual applications in the same devices. Experimental results show that it is possible to create synthetic applications with similar behavior to that of real applications and, thus, classify devices based on the actual application needs. The framework uses aspect‐oriented programming to collect the metrics of interest. This approach provides increased modularity and separation of concerns, thus facilitating the improvement of the framework itself, by adding other metrics or basic operations.     

Interactive topology optimization on hand-held devices

This paper presents an interactive topology optimization application designed for hand-held devices running iOS or Android. The TopOpt app solves the 2D minimum compliance problem with interactive control of load and support positions as well as volume fraction. Thus, it is possible to change the problem settings on the fly and watch the design evolve to a new optimum in real time. The use of an interactive app makes it extremely simple to learn and understand the influence of load-directions, support conditions and volume fraction. The topology optimization kernel is written in C# and the graphical user interface is developed using the game engine Unity3D. The underlying code is inspired by the publicly available 88 and 99 line Matlab codes for topology optimization but does not utilize any low-level linear algebra routines such as BLAS or LAPACK. The TopOpt App can be downloaded on iOS devices from the Apple App Store, at Google Play for the Android platform, and a web-version can be run from www.topopt.dtu.dk.     

Studying users’ perception of IoT mobile companion apps

Internet of Things (IoT) products provide over-the-net capabilities such as remote activation, monitoring, and notifications. An associated mobile app is often provided for more convenient usage of these capabilities. The perceived quality of these companion apps can impact the success of the IoT product. We investigate the perceived quality and prominent issues of smart-home IoT mobile companion apps with the aim of deriving insights to: (i) provide guidance to end users interested in adopting IoT products; (ii) inform companion app developers and IoT producers about characteristics frequently criticized by users; (iii) highlight open research directions. We employ a mixed-methods approach, analyzing both quantitative and qualitative data. We assess the perceived quality of companion apps by quantitatively analyzing the star rating and the sentiment of 1,347,799 Android and 48,498 iOS user reviews. We identify the prominent issues that afflict companion apps by performing a qualitative manual analysis of 1,000 sampled reviews. Our analysis shows that users’ judgment has not improved over the years. A variety of functional and non-functional issues persist, such as difficulties in pairing with the device, software flakiness, poor user interfaces, and presence of issues of a socio-technical impact. Our study highlights several aspects of companion apps that require improvement in order to meet user expectations and identifies future directions.     

数据驱动的移动应用用户接受度建模与预测

应用市场（app market）已经成为互联网环境下软件应用开发和交付的一种主流模式.相对于传统模式,应用市场模式下,软件的交付周期更短,用户的反馈更快,最终用户和开发者之间的联系更加紧密和直接.为应对激烈的竞争和动态演变的用户需求,移动应用开发者必须以快速迭代的方式不断更新应用,修复错误缺陷,完善应用质量,提升用户体验.因此,如何正确和综合理解用户对软件的接受程度（简称用户接受度）,是应用市场模式下软件开发需考量的重要因素.近年来兴起的软件解析学（software analytics）关注大数据分析技术在软件行业中的具体应用,对软件生命周期中大规模、多种类的相关数据进行挖掘和分析,被认为是帮助开发者提取有效信息、作出正确决策的有效途径.从软件解析学的角度,首先论证了为移动应用构建综合的用户接受度指标模型的必要性和可行性,并从用户评价数据、操作数据、交互行为数据这3个维度给出基本的用户接受度指标.在此基础上,使用大规模真实数据集,在目标用户群体预测、用户规模预测和更新效果预测等典型的用户接受度指标预测问题中,结合具体指标,提取移动应用生命周期不同阶段的重要特征,以协同过滤、回归融合、概率模型等方法验证用户接受度的可预测性,并讨论了预测结果与特征在移动应用开发过程中可能提供的指导.     

A static technique for detecting input validation vulnerabilities in Android apps

Input validation vulnerabilities are common in Android apps, especially in inter-component communications. Malicious attacks can exploit this kind of vulnerability to bypass Android security mechanism and compromise the integrity, confidentiality and availability of Android devices. However, so far there is not a sound approach at the source code level for app developers aiming to detect input validation vulnerabilities in Android apps. In this paper, we propose a novel approach for detecting input validation flaws in Android apps and we implement a prototype named EasyIVD, which provides practical static analysis of Java source code. EasyIVD leverages backward program slicing to extract transaction and constraint slices from Java source code. Then EasyIVD validates these slices with predefined security rules to detect vulnerabilities in a known pattern. To detect vulnerabilities in an unknown pattern, EasyIVD extracts implicit security specifications as frequent patterns from the duplicated slices and verifies them. Then EasyIVD semi-automatically confirms the suspicious rule violations and reports the confirmed ones as vulnerabilities. We evaluate EasyIVD on four versions of original Android apps spanning from version 2.2 to 5.0. It detects 58 vulnerabilities including confused deputy attacks and denial of service attacks. Our results prove that EasyIVD can provide a practical defensive solution for app developers.     

Digital narrative conventions in heritage trail mobile apps

ABSTRACT

Galleries, libraries, archives and museums (GLAMs) are increasingly using digital technologies for storytelling and creating mobile applications (apps) for cultural heritage content, but how apps are used in practice to communicate information to users has not been widely studied. A team of people from a heritage organisation, a university, and mobile app development group plan to create a bespoke heritage trail app for Ireland, but to date design conventions/recommendations for this genre are lacking. This article applies a systematic approach to digital narrative content analysis to better understand how apps are being used specifically for heritage trails with the aim of identifying what the common features are, which modalities and narrative techniques are used. The selected corpus included 55 apps downloaded from the Google Play Store. The results of this content analysis—based on the App Walkthrough Method (Light, B., Burgess, J., & Duguay, S. (2018). The walkthrough method: An approach to the study of apps. New Media & Society, 20(3), 881–900)—show that there is a gap between academic research themes/trends and how digital narrative is actually being communicated in the current market, and it aims to inform the future development of heritage trail apps by including a list of design and content features common to this genre.