Eliciting Security Requirments for Mobile Apps: a Replication Study

Mobile applications (mobile apps) are becoming a common medium for conducting transaction, saving data and exchanging information online. However, an important issue that has been overlooked is the emphasis on security issues at the early stage of mobile apps development. It has become a common practice among requirements engineers to deal with security issues after the mobile apps have been developed. This scenario has led to the failure of developing secure and safe mobile application based on the needs of the users. Motivated by this problem, we propose an automated support tool to assist requirements engineers to elicit security related requirements at the early stage of mobile apps development. This paper reported a replication of a study from our previous work that describes our user study and tool support, called MobiMEReq. This tool uses SecEUCs and SecEUIs prototype model to automatically elicit the security attributes requirements of mobile apps. In this paper, we reported the results drawn from an experiment of a user study to compare the capability of the MobiMEReq in relation to the manual approach. The results of the user study show that the tool support has higher accuracy rate in comparison to the manual approach to extract security attributes elicited from functional requirements. This implies that our tool is able to help requirements engineers to easily elicit security attribute requirements of mobile apps.