Assessing the Effectiveness of LLMs in Android Application Vulnerability Analysis

The increasing frequency of attacks on Android applications necessitates a comprehensive understanding of the capabilities of large language models (LLMs) in identifying potential vulnerabilities, which is key to mitigating the overall risk. To this end, the work at hand compares the ability of nine state-of-the-art LLMs to detect Android code vulnerabilities listed in the latest OWASP Mobile Top 10. Each LLM was evaluated against an open dataset of over 100 vulnerable code samples, including obfuscated ones, assessing each model's ability to identify key vulnerabilities. Our analysis reveals the strengths and weaknesses of each LLM, identifying important factors that contribute to their performance. Additionally, we offer insights into context augmentation with retrieval-augmented generation (RAG) for detecting Android code vulnerabilities, which in turn may propel secure application development. Finally, while the reported findings regarding code vulnerability analysis show promise, they also reveal significant discrepancies among the different LLMs.
Published: 2025-07-11
Publisher: Springer Verlag
JRC identifier: JRC137829
ISSN: 1611-3349 (online)
Repository URL: https://publications.jrc.ec.europa.eu/repository/handle/JRC137829
DOI: 10.1007/978-3-031-85593-1_9 (online)