ESEC/FSE Workshops 2017
2017 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2017)

2nd ACM SIGSOFT International Workshop on App Market Analytics (WAMA 2017), September 5, 2017, Paderborn, Germany

WAMA 2017 – Proceedings


2nd ACM SIGSOFT International Workshop on App Market Analytics (WAMA 2017)

Title Page

Message from the Chairs
Welcome to the 2nd International Workshop on App Market Analytics (WAMA 2017) in Paderborn, Germany, taking place on September 05, 2017, co-located with ESEC/FSE 2017. All information on WAMA can be found online at

Mining Mobile App Markets for Prioritization of Security Assessment Effort
Alireza Sadeghi, Naeem Esfahani, and Sam Malek
(University of California at Irvine, USA; Google, USA)
Like any other software engineering activity, assessing the security of a software system entails prioritizing the resources and minimizing the risks. Techniques ranging from the manual inspection to automated static and dynamic analyses are commonly employed to identify security vulnerabilities prior to the release of the software. However, none of these techniques is perfect, as static analysis is prone to producing lots of false positives and negatives, while dynamic analysis and manual inspection are unwieldy, both in terms of required time and cost. This research aims to improve these techniques by mining relevant information from vulnerabilities found in the app markets. The approach relies on the fact that many modern software systems, in particular mobile software, are developed using rich application development frameworks (ADF), allowing us to raise the level of abstraction for detecting vulnerabilities and thereby making it possible to classify the types of vulnerabilities that are encountered in a given category of application. By coupling this type of information with severity of the vulnerabilities, we are able to improve the efficiency of static and dynamic analyses, and target the manual effort on the riskiest vulnerabilities.

Android Apps and User Feedback: A Dataset for Software Evolution and Quality Improvement
Giovanni Grano, Andrea Di Sorbo, Francesco Mercaldo, Corrado A. Visaggio, Gerardo Canfora, and Sebastiano Panichella
(University of Zurich, Switzerland; University of Sannio, Italy; IIT-CNR, Italy)
Nowadays, Android represents the most popular mobile platform with a market share of around 80%. Previous research showed that data contained in user reviews and code change history of mobile apps represent a rich source of information for reducing software maintenance and development effort, increasing customers' satisfaction. Stemming from this observation, we present in this paper a large dataset of Android applications belonging to 23 different apps categories, which provides an overview of the types of feedback users report on the apps and documents the evolution of the related code metrics. The dataset contains about 395 applications of the F-Droid repository, including around 600 versions, 280,000 user reviews and more than 450,000 user feedback (extracted with specific text mining approaches). Furthermore, for each app version in our dataset, we employed the Paprika tool and developed several Python scripts to detect 8 different code smells and compute 22 code quality indicators. The paper discusses the potential usefulness of the dataset for future research in the field.

Understanding the Security Management of Global Third-Party Android Marketplaces
Yuta Ishii, Takuya Watanabe, Fumihiro Kanei, Yuta Takata, Eitaro Shioji, Mitsuaki Akiyama, Takeshi Yagi, Bo Sun, and Tatsuya Mori
(Waseda University, Japan; NTT, Japan)
As an open platform, Android enables the introduction of a variety of third-party marketplaces in which developers can provide mobile apps that are not provided in the official marketplace. Since the initial release of Android OS in 2008, many third-party app marketplaces have been launched all over the world. The diversity of which leads us to the following research question: are these third-party marketplaces securely managed? This work aims to answer this question through a large-scale empirical study. We collected more than 4.7 million Android apps from 27 third-party marketplaces, including ones that had not previously been studied in the research community, and analyzed them to study their security measures. Based on the results, we also attempt to quantify the security index of these marketplaces.

Studying Software Descriptions in SourceForge and App Stores for a Better Understanding of Real-Life Requirements
Frederik Simon Bäumer, Markus Dollmann, and Michaela Geierhos
(University of Paderborn, Germany)
Users prefer natural language software requirements because of their usability and accessibility. Many approaches exist to elaborate these requirements and to support the users during the elicitation process. But there is a lack of adequate resources, which are needed to train and evaluate approaches for requirement refinement. We are trying to close this gap by using online available software descriptions from SourceForge and app stores. Thus, we present two real-life requirements collections based on online-available software descriptions. Our goal is to show the domain-specific characteristics of content words describing functional requirements. On the one hand, we created a semantic role-labeled requirements set, which we use for requirements classification. On the other hand, we enriched software descriptions with linguistic features and dependencies to provide evidence for the context-awareness of software functionalities.
