A Stitch in Time: Supporting Android Developers in WritingSecure Code
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017
Abstract
Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.Reference
@inproceedings{DBLP:conf/ccs/NguyenWA0WF17,
author = {Duc Cuong Nguyen and
Dominik Wermke and
Yasemin Acar and
Michael Backes and
Charles Weir and
Sascha Fahl},
bibsource = {dblp computer science bibliography, https://dblp.org},
biburl = {https://dblp.org/rec/conf/ccs/NguyenWA0WF17.bib},
booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and
Communications Security, CCS 2017, Dallas, TX, USA, October 30 -
November 03, 2017},
doi = {10.1145/3133956.3133977},
editor = {Bhavani M. Thuraisingham and
David Evans and
Tal Malkin and
Dongyan Xu},
pages = {1065--1077},
publisher = {ACM},
title = {A Stitch in Time: Supporting Android Developers in WritingSecure Code},
url = {https://doi.org/10.1145/3133956.3133977},
year = {2017}
}