A First Look at Android Applications in Google Play related to Covid-19

Due to the convenience of access-on-demand to information and business solutions, mobile apps have become an important asset in the digital world. In the context of the Covid-19 pandemic, app developers have joined the response effort in various ways by releasing apps that target different user bases (e.g., all citizens or journalists), offer different services (e.g., location tracking or diagnostic-aid), provide generic or specialized information, etc. While many apps have raised some concerns by spreading misinformation or even malware, the literature does not yet provide a clear landscape of the different apps that were developed. In this study, we focus on the Android ecosystem and investigate Covid-related Android apps. In a best-effort scenario, we attempt to systematically identify all relevant apps and study their characteristics with the objective to provide a first taxonomy of Covid-related apps, broadening the relevance beyond the implementation of contact tracing. Overall, our study yields a number of empirical insights that contribute to enlarge the knowledge on Covid-related apps: (1) Developer communities contributed rapidly to the Covid-19, with apps released as early as February 2020; (2) Covid-related apps deliver digital tools to users (e.g., health diaries), serve to broadcast information to users (e.g., spread statistics), and collect data from users (e.g., for tracing); (3) Covid-related apps are less complex than standard apps; (4) they generally do not seem to leak sensitive data; (5) in the majority of cases, Covid-related apps are released by entities with past experience on the market, mostly official government entities or public health organizations.

[1]  Jacques Klein,et al.  Negative Results on Mining Crypto-API Usage Rules in Android Apps , 2019, 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR).

[2]  Elisabeth Mahase,et al.  Coronavirus: covid-19 has killed more people than SARS and MERS combined, despite lower case fatality rate , 2020, BMJ.

[3]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[4]  Jacques Klein,et al.  AndroZoo: Collecting Millions of Android Apps for the Research Community , 2016, 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR).

[5]  Jason Nieh,et al.  A measurement study of google play , 2014, SIGMETRICS '14.

[6]  Chris F. Kemerer,et al.  A Metrics Suite for Object Oriented Design , 2015, IEEE Trans. Software Eng..

[7]  Bogdan Carbunar,et al.  A longitudinal study of the Google app market , 2015, 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM).

[8]  Bernd Freisleben,et al.  Mind the GAP: Security & Privacy Risks of Contact Tracing Apps , 2020, 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom).

[9]  Jacques Klein,et al.  An Investigation into the Use of Common Libraries in Android Apps , 2015, 2016 IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering (SANER).

[10]  F. Wilcoxon Individual Comparisons by Ranking Methods , 1945 .

[11]  Jacques Klein,et al.  Revisiting the impact of common libraries for android-related investigations , 2019, J. Syst. Softw..

[12]  G. Remuzzi,et al.  COVID-19 and Italy: what next? , 2020, The Lancet.

[13]  Jacques Klein,et al.  IccTA: Detecting Inter-Component Privacy Leaks in Android Apps , 2015, 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering.

[14]  Allan Schwartz,et al.  COVID-19 and Cardiovascular Disease , 2020, Circulation.

[15]  Alessandra Gorla,et al.  Checking app behavior against app descriptions , 2014, ICSE.

[16]  Mariano Ceccato,et al.  Experimental Comparison of Features and Classifiers for Android Malware Detection , 2020, 2020 IEEE/ACM 7th International Conference on Mobile Software Engineering and Systems (MOBILESoft).

[17]  Ivan Martinovic,et al.  Short Paper: A Longitudinal Study of Financial Apps in the Google Play Store , 2017, Financial Cryptography.

[18]  David Lo,et al.  What are the characteristics of high-rated apps? A case study on free Android Applications , 2015, 2015 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[19]  Xiaochen Li,et al.  What makes a good app description? , 2014, Internetware.

[20]  Jacques Klein,et al.  MoonlightBox: Mining Android API Histories for Uncovering Release-Time Inconsistencies , 2018, 2018 IEEE 29th International Symposium on Software Reliability Engineering (ISSRE).

[21]  Claudia Eckert,et al.  MANIS: evading malware detection system on graph structure , 2020, SAC.

[22]  Yajin Zhou,et al.  Dissecting Android Malware: Characterization and Evolution , 2012, 2012 IEEE Symposium on Security and Privacy.

[23]  Zhong Chen,et al.  AutoCog: Measuring the Description-to-permission Fidelity in Android Applications , 2014, CCS.

[24]  Joydeep Mitra,et al.  Are free Android app security analysis tools effective in detecting known vulnerabilities? , 2018, Empirical Software Engineering.

[25]  H. B. Mann,et al.  On a Test of Whether one of Two Random Variables is Stochastically Larger than the Other , 1947 .

[26]  Marjan Hericko,et al.  Using Object Oriented Software Metrics for Mobile Application Development , 2013, SQAMIA.

[27]  Mira Mezini,et al.  CogniCrypt: Supporting developers in using cryptography , 2017, 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[28]  Yajin Zhou,et al.  Beyond the Virus: A First Look at Coronavirus-themed Mobile Malware , 2020, ArXiv.

[29]  A. Spinelli,et al.  COVID-19 pandemic: perspectives on an unfolding crisis , 2020, The British journal of surgery.

[30]  Yun Yang,et al.  Diversified Third-Party Library Prediction for Mobile App Development , 2022, IEEE Transactions on Software Engineering.

[31]  Jacques Klein,et al.  On the Evolution of Mobile App Complexity , 2019, 2019 24th International Conference on Engineering of Complex Computer Systems (ICECCS).

[32]  Tim Riffe,et al.  Monitoring trends and differences in COVID-19 case fatality rates using decomposition methods: Contributions of age structure and age-specific fatality , 2020, medRxiv.