Security requirements validation for mobile apps: A systematic literature review

Abstract

Security requirements are important to increase the confidence of mobile users to perform many online transactions, such as banking, booking and payment via mobile devices. Objective: This study aims to identify the attributes of security requirements for mobile applications (mobile apps) and the existing tools, techniques and approaches used in security requirements. The gaps and limitations for each approach are also discussed. Method: We conducted a systematic literature review to identify and analyse related literatures on validation of security requirements for mobile apps. We identified 68 studies that provide relevant information on security requirements for mobile apps. Result: There were two main findings: (1) the attributes of security requirements that are relevant for mobile apps are authentication, confidentiality, authorization, access control and integrity; (2) Mobile security testing methods for validating security requirements of mobile apps were also identified. Finally, the gaps and limitation of each approach requirements in relation to mobile apps were also discussed. Conclusions: The main challenge of security requirements is to identify the most appropriate security attributes and security testing technique to validate security requirements for mobile apps. As such, requirements engineers should consider the challenges posed by security requirements such as testing when validating and developing security requirements for mobile apps testing technique. Further, correct security requirements for security attributes of security requirements need to be considered at the early stage of development of the mobile apps development.