Refine research questions about Android project

andymeneely / attack-surface-metrics

Scripts for collecting metrics of the attack surface

MIT License

14 stars 4 forks source link

Refine research questions about Android project #36

Open megakevin opened 9 years ago

megakevin commented 9 years ago

Currently, we have some open-ended questions. Let's refine them to include things like:

Multiple APK releases
Download and user ratings counts
Security measurements like AndroRisk and over/under permissions

Post the research questions here. Let's have 3-5 research questions by Feb 24.

megakevin commented 9 years ago

Is the attack surface in Android applications related to their popularity? Measures of popularity could be number of downloads, number of user ratings or the rating level.
Is the attack surface in Android applications related to their perceived quality? Maybe user comments and ratings can be used as indicators of perceived quality.
Is the attack surface in Android applications related to their permission gap? Permission gap is a known security issue in Android apps so we could compare the attack surface to that.

megakevin commented 9 years ago

Let's refine the metaphor of attack surface. Ultimately, this should be a paper about mobile, not a paper about attack surface with mobile apps as case studies. Reimagine the RQs around that notion.

megakevin commented 9 years ago

How different packages of the android application development framework contribute to the attack surface?

Maybe there are some packages that contain more input/output methods than others. Or maybe those input/output methods are riskier (easier to attack or have higher damage potential).