Nguyen, Duc Cuong and Wermke, Dominik and Acar, Yasemin and Backes, Michael and Weir, Charles Alexander Forbes and Fahl, Sascha (2017) A Stitch in Time : Supporting Android Developers in Writing Secure Code. In: CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security :. ACM, New York, pp. 1065-1077. ISBN 9781450349468
CCS_FixDroid_CR.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Download (745kB)
Abstract
Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.