A Systematic Literature Review on Vulnerability Detection Approaches for IoT Mobile Applications. Zongo Meyo, Morales, R., Pete, I., & Guéhéneuc, Y. Internet of Things Journal (IoTJ), 13(3):3965–3987, IEEE CS Press, February, 2026. 23 pages.
Internet of Things (IoT) systems are pervasive and increasingly managed through mobile applications. However, poorly designed mobile applications can expose sensitive information to external adversaries. Mitigating such vulnerabilities requires both developers and researchers to apply well-established practices and design secure systems based on clearly defined approaches for vulnerability detection. Although databases such as Open Worldwide Application Security Project (OWASP) and Common Vulnerabilities and Exposures (CVE) catalog known IoT vulnerabilities, no standardized methodology exists for detecting security weaknesses in IoT mobile applications (IoTMAs) during IoTMA development. Building on prior research, our research objectives are to: 1) identify, classify, and prioritize critical security vulnerabilities in IoTMAs; 2) survey existing vulnerability detection approaches (VDAs) for IoTMAs; 3) critically evaluate the effectiveness of existing VDAs by analyzing their evaluation methodologies and dataset validation; and 4) formulate evidence-based recommendations based on the limitations of existing methods for detecting security vulnerabilities in IoTMAs. We performed a systematic literature review (SLR) from selected primary studies (PSs). From 856 papers retrieved from six academic databases—Scopus, Springer, and Engineering Village (EV), which hosts Compendex (covering IEEE Xplore and the ACM Digital Library), and Inspec (IET)—we reviewed 39 research papers. Our findings include: 1) identification of 52 security vulnerabilities, eight critical (i.e., reported in at least four studies); 2) discovery of seven distinct VDAs; 3) comprehensive VDAs effectiveness evaluation using empirical metrics, accuracy assessments, reproducibility analysis, comparative studies, and validation across diverse IoTMAs marketplaces; and 4) recommendations to guide developers and practitioners in selecting appropriate VDAs, thereby supporting the development of secure IoTMAs and enhanced penetration testing. Our study raises awareness of state-of-the-art VDAs, identifies research gaps in existing approaches, and provides recommendations to enhance existing techniques and guide new development, supporting software engineers in making informed technique selection decisions.
@ARTICLE{ZongoMeyo26-IoTJ-VulnerabilityIoTApps,
AUTHOR = {Zongo Meyo, and Rodrigo Morales and Ildiko Pete and
Yann-Gaël Guéhéneuc},
JOURNAL = {Internet of Things Journal (IoTJ)},
TITLE = {A Systematic Literature Review on Vulnerability
Detection Approaches for IoT Mobile Applications},
YEAR = {2026},
MONTH = {February},
NOTE = {23 pages.},
NUMBER = {3},
PAGES = {3965–3987},
VOLUME = {13},
EDITOR = {Nei Kato},
KEYWORDS = {Topic: <b>ESE for the IoT</b>,
Rubrique : <b>GL empirique pour l'IdO</b>, Journal: <b>IoTJ</b>},
PUBLISHER = {IEEE CS Press},
URL = {http://www.ptidej.net/publications/documents/IoTJ26b.doc.pdf},
ABSTRACT = {Internet of Things (IoT) systems are pervasive and
increasingly managed through mobile applications. However, poorly
designed mobile applications can expose sensitive information to
external adversaries. Mitigating such vulnerabilities requires both
developers and researchers to apply well-established practices and
design secure systems based on clearly defined approaches for
vulnerability detection. Although databases such as Open Worldwide
Application Security Project (OWASP) and Common Vulnerabilities and
Exposures (CVE) catalog known IoT vulnerabilities, no standardized
methodology exists for detecting security weaknesses in IoT mobile
applications (IoTMAs) during IoTMA development. Building on prior
research, our research objectives are to: 1) identify, classify, and
prioritize critical security vulnerabilities in IoTMAs; 2) survey
existing vulnerability detection approaches (VDAs) for IoTMAs; 3)
critically evaluate the effectiveness of existing VDAs by analyzing
their evaluation methodologies and dataset validation; and 4)
formulate evidence-based recommendations based on the limitations of
existing methods for detecting security vulnerabilities in IoTMAs. We
performed a systematic literature review (SLR) from selected primary
studies (PSs). From 856 papers retrieved from six academic
databases—Scopus, Springer, and Engineering Village (EV), which
hosts Compendex (covering IEEE Xplore and the ACM Digital Library),
and Inspec (IET)—we reviewed 39 research papers. Our findings
include: 1) identification of 52 security vulnerabilities, eight
critical (i.e., reported in at least four studies); 2) discovery of
seven distinct VDAs; 3) comprehensive VDAs effectiveness evaluation
using empirical metrics, accuracy assessments, reproducibility
analysis, comparative studies, and validation across diverse IoTMAs
marketplaces; and 4) recommendations to guide developers and
practitioners in selecting appropriate VDAs, thereby supporting the
development of secure IoTMAs and enhanced penetration testing. Our
study raises awareness of state-of-the-art VDAs, identifies research
gaps in existing approaches, and provides recommendations to enhance
existing techniques and guide new development, supporting software
engineers in making informed technique selection decisions.}
}