Henry Narits

Doctoral defence: Kristiina Rahkema “Quality Analysis of iOS Applications with Focus on Maintainability and Security Aspects“

On 23. October at 10.15 am Kristiina Rahkema will defend her doctoral thesis "Quality Analysis of iOS Applications with Focus on Maintainability and Security Aspects" for obtaining the degree of Doctor of Philosophy (Computer Science).

Prof. Dietmar Pfahl, University of Tartu

Prof Tom Mens, University of Mons (Belgium);
Assoc. Prof. Luis Miranda da Cruz, Technische Universiteit Delft (Netherlands).

Smartphones have become an inseparable component in our lives. There is an app for everything: messaging, online banking, unlocking the car. Unfortunately, many of these apps are insecure. Vulnerabilities have been discovered in apps such as Facebook, TikTok, and WhatsApp. The severity of such vulnerabilities can range from information disclosure to remote code execution jeopardising our most private data. Many studies have been conducted on Android apps analysing different aspects of code quality such as maintainability and security. Very little tooling support and almost no research exists on iOS apps. Due to its popularity, it is important to support developers in building quality apps both in regards to security and maintainability for iOS.

The goal of this thesis is to improve tool support for both developers and researchers and to fill some of the research gaps related to maintainability and security of iOS apps. We first developed GraphifySwift, a tool that detects code smells in projects written in Swift. Then, we applied GraphifySwift to open source iOS apps and analysed the distribution and frequency of code smells. Additionally, we compared code smells in iOS and Android apps. Based on these additional analyses we developed GraphfiyEvolution, an extendable tool that can analyse both snapshots and the evolution of projects. We used GraphifyEvolution for a preliminary code smell evolution analysis.

We implemented SwiftDependencyChekcer, a tool that extracts information on third-party library dependencies from iOS apps and detects vulnerable dependencies. We used GraphifyEvolution and SwiftDependencyChecker to build a library dependency network (LDN) dataset for third-party libraries in the Swift ecosystem. We used this dataset to study different aspects of the Swift LDN. We analysed the overall evolution of the Swift LDN, the use of package managers, technical lag in library dependencies and the spread of vulnerabilities.