Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review

Ikram Ul Haq; Tamim Ahmed Khan

doi:10.1109/ACCESS.2021.3088229

IEEE Access (Jan 2021)

Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review

Ikram Ul Haq,
Tamim Ahmed Khan

Affiliations

Ikram Ul Haq: Department of Software Engineering, Bahria University, Islamabad, Pakistan
Tamim Ahmed Khan: ORCiD; Department of Software Engineering, Bahria University, Islamabad, Pakistan

DOI: https://doi.org/10.1109/ACCESS.2021.3088229
Journal volume & issue: Vol. 9
pp. 87806 – 87825

Abstract

Read online

The invention of smartphones has opened a new market for mobile application development. Amateur android app developers often do not possess knowledge of the latest android vulnerabilities and thus create applications with attack surface that hackers exploit. In this literature review, many available frameworks and techniques have been analyzed using ISO/IEC 25010 software quality model and identified challenges that android developers face in designing a secure application for android. This paper also presents a comprehensive survey of different penetration tools, evaluated by using criteria such as code analysis, code review, vulnerability analysis, vulnerability exploit, payload and whether these can be used in vulnerability modeling during the design phase. Our study effectively identifies the issues and gaps which can further help develop a framework/tool for designing a penetration secure mobile application by embedding all the vulnerabilities during the design phase using an android vulnerability repository.

Published in IEEE Access

ISSN: 2169-3536 (Online)
Publisher: IEEE
Country of publisher: United States
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering
Website: https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639

About the journal

Abstract

Keywords