Empirical analysis of code smells

Some time ago I wrote about my analysis of open source iOS apps regarding code smells:

I was asked about the most and least smelly apps, so I combined a table with 10 apps with the highest total count of smells:

How smelly is the code and what about testing?

We analysed 273 open source iOS apps written in swift for 33 object oriented and 2 iOS specific code smells. We also looked at how well tested these apps were.

Where did we find open source apps?

Open source apps are not as common in iOS as in Android, but there is a collaborative list of open source iOS apps on GitHub. Some of the apps are in the app store, but not all of them.

Some stats

  • 568 apps written in swift
  • 273 apps successfully analysed
  • of which 68 apps also in app store
  • Smallest app has 2 classes
  • Largest app has 1112 classes
  • 10569 classes…

Why it is important to use them in closures — an example

If you’re familiar with Swift you should have heard the keywords unowned and weak. If you haven’t heard of them, look them up now. I won’t explain everything about the keywords, but I will tell you why you should know and use them.

What happens if we do not use unowned or weak keywords in closures?
The short answer is: memory leaks!
The long answer is: let me show you…

Let’s See How It Works!

To demonstrate how not using unowned or weak keywords can create memory leaks, I wrote a simple app that lets you enter web request status codes, then displays them in…

As mobile application developers we should be familiar with possible security risks that a mobile application might face. Knowing possible risks makes it easier to avoid possible pitfalls and write more secure applications.

OWASP (Open Web Application Security Project) is an online community of security specialists that have created freely available learning materials, documentation and tools to help build secure web and mobile applications. Among others they have compiled a list of 10 most common threats to mobile applications.

Although the documentation by OWASP is excellent I still had a difficult time understanding how these risks can be taken advantage…


I’m an iOS developer with an interest in app security. I’m also a PhD student and junior researcher working on static analysis for mobile applications.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store