Identifying security issues for mobile applications based on user review summarization

Abstract

Abstract Context With the development of mobile apps, public concerns about security issues are continually rising. From the user’s perspective, it is crucial to be aware of the security issues of apps. Reviews serve as an important channel for users to discover the diverse issues of apps. However, previous works rarely rely on existing reviews to provide a detailed summarization of the app’s security issues. Objective To provide a detailed overview of apps’ security issues for users, this paper introduces SRR-Miner, a novel review summarization approach that automatically summarizes security issues and users’ sentiments. Method SRR-Miner follows a keyword-based approach to extracting security-related review sentences. It summarizes security issues and users’ sentiments with triples, which makes full use of the deep analysis of sentence structures. SRR-Miner also provides visualized review summarization through a radar chart. Results The evaluation on 17 mobile apps shows that SRR-Miner achieves higher F1-score and MCC than Machine Learning-based classification approaches in extracting security-related review sentences. It also accurately identifies misbehaviors, aspects and opinions from review sentences. A qualitative study shows that SRR-Miner outperforms two state-of-the-art approaches (AR-Miner and SUR-Miner) in terms of summarizing security issues and users’ sentiments. A further user survey indicates the usefulness of the summarization of SRR-Miner. Conclusion SRR-Miner is capable of automatically extracting security-related review sentences based on keywords, and summarizing misbehaviors, aspects and opinions of review sentences with a deep analysis of the sentence structures.