1. CSN
  2. All Volumes and Issues
  3. Volume 7, Number 1, 2025
  4. Analysis of Security Risks in Mobile Applications Developed With Cross- Platform Frameworks

Analysis of Security Risks in Mobile Applications Developed With Cross- Platform Frameworks

CSN.
2025;
Volume 7, Number 1
: pp. 284 - 294
https://doi.org/10.23939/csn2025.01.284
Authors:
  1. T. O. Fedynyshyn
  2. O. O. Partyka
1
Lviv Polytechnic National University, Information Protection Department
2
Lviv Polytechnic National University, Department of Information Protection

The article focuses on the investigation of security risks in mobile applications developed using various frameworks, including Xamarin, Cordova, React Native, Flutter, and Android Native. The purpose of the study is to identify key vulnerabilities in the code, configurations, and permissions of mobile applications and to assess their criticality depending on the chosen development technology. As part of the research, static analysis of 6,165 mobile applications was conducted using the MobSF tool, covering aspects such as binary analysis, certificates, network security, Firebase configuration, permissions, and Android Manifest settings. The results indicate significant differences in the prevalence and criticality of vulnerabilities depending on the framework. Applications developed with Xamarin demonstrate higher risk levels in categories such as dangerous permissions and binary files, while Cordova shows the lowest incidence of critical issues related to certificates and exported components. Flutter reveals vulnerabilities in Android Manifest configurations and permissions, whereas Android Native exhibits a moderate security level with some network configuration issues. The analysis confirms the importance of static testing of mobile applications during their development to minimize risks. The results of the study can be utilized to develop practical recommendations aimed at improving the security of mobile applications and contribute to the creation of solutions that are more resilient to cyber threats.

android security
mobile security
mobile privacy
static analysis
android static analysis
mobile static analysis
mobile application security
mobile application data protection
react native security
flutter security
  1. You Dongliang, Hu Minjie. A Comparative Study of Cross-platform Mobile Application Development. 2021. Doi: https://doi.org/10.1145/3373376.3378534.
  2. Ortiz-Rodriguez F. et al. An Android App Permission Analysis for User Privacy and Security. Futuristic Trends   for   Sustainable   Development   and   Sustainable   Ecosystems.   IGI   Global,   2022.   Pp.   89-103.   Doi:    https://doi.org/10.4018/978-1-6684-4225-8.ch006.
  3. Aurelius M. Mobile Application Development : Framework with key criteria for choosing native or cross-platform application development, Dissertation, 2020.
  4. Juho Vepsäläinen, ECMAScript - The journey of a programming language from an idea to a standard, 2023. Doi: https://doi.org/10.48550/arXiv.2305.01373.
  5. Shevtsiv N., Shvets D., Karabut N. Prospects for Using React Native for Developing Cross-platform Mobile Applications. Central Ukrainian Scientific Bulletin. Technical Sciences. 2019. Col.2(33). Doi: https://doi.org/10.32515/2664-262X.2019.2(33).208-213.
  6. Xamarin (.NET MAUI), 2024. URL: https://dotnet.microsoft.com/en-us/apps/xamarin.
  7. Apache Cordova, 2024. URL: https://cordova.apache.org/.
  8. Singh Prachi. Future of Flutter - An Emerging Technology. Journal of Computer Science and System Software. 2024. 1. 25-29. Doi: https://doi.org/10.48001/jocsss.2024.1225-29.
  9. Fedorchenko V., Poliakov A. Analyzing the efficiency of technologies for developing mobile applications for Android OS. Bulletin of Kharkov National Automobile and Highway University, 2022. 81. Doi: https:// doi.org/10.30977/BUL.2219-5548.2022.96.0.81.
  10. Mohsen F., Abdelhaq H., Bisgin H. Security-centric ranking algorithm and two privacy scores to mitigate intrusive apps. Concurrency Computat Pract Exper. 2022. 34(14):e6571. Doi: https://doi.org/10.1002/cpe.6571.
  11. Similarweb Digital Intelligence: Unlock Your Digital Growth, 2024. URL: https://www.similarweb.com/.
  12. APKCombo - #1 APK Downloader, 2024. URL: https://apkcombo.com/.
  13. Archibong Esther, Stephen Bliss, Asuquo Philip. Analysis of Cybersecurity Vulnerabilities in Mobile Payment  Applications.  Archives  of  Advanced  Engineering  Science.  2024.  1-12.  Doi:  https://doi.org/10.47852/    bonviewAAES42022595.
  14. Firebase. 2024. URL: https://firebase.google.com/.
  15. Blancaflor E., Pastrana R.LP.J., Sheng M.J.C., Tamayo J.R.D., Umali J.A.M. A Security and Vulnerability Assessment on Android Gambling Applications. Computer and Communication Engineering. CCCE 2023. Communications in Computer and Information Science. 2023. Vol. 1823. Springer, Cham. Doi: https://doi.org/10.1007/978-3-031-35299-7_9.
  16. Hrushik Raj S., Thejaswini P., Nandi S. Reverse Engineering techniques for Android systems: A Systematic approach, 2023 IEEE Guwahati Subsection Conference, GCON 2023. Doi: https://doi.org/10.1109/GCON58516.2023.10183629.
  17. Li Y., Liang G., Tang K., Teng Y., Ruan H., Mo Z. (2024). Design and Implementation of an Automated APK Analysis System for Practical Forensics. Proceedings of the 13th International Conference on Computer Engineering and Networks. CENet 2023. Lecture Notes in Electrical Engineering. Vol 1125. Springer, Singapore. Doi:    https://doi.org/10.1007/978-981-99-9239-3_36.
  18. Willocx M., Vossaert J., Naessens V. Security Analysis of Cordova Applications in Google Play. In Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES '17). Association for Computing Machinery, New York, NY, USA, 2017. Article 46, 1–7. Doi: https://doi.org/10.1145/3098954.3103162.
  19. Rambhia Palash, Shinde Parth, Bamane Kalyan. Securing Flutter Applications: A Comprehensive Study. 2023. 1-5. Doi: https://doi.org/10.1109/ICCUBEA58933.2023.10392001.