Home > Research > Publications & Outputs > A Stitch in Time

Electronic data

  • A Stitch In Time

    Rights statement: © ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3133965.3133977

    Accepted author manuscript, 727 KB, PDF-document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

View graph of relations

A Stitch in Time: Supporting Android Developers in Writing Secure Code

Research output: Contribution in Book/Report/ProceedingsConference contribution

Published
Close
Publication date30/10/2017
Host publicationCCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Place of PublicationNew York
PublisherACM
Pages1065-1077
Number of pages13
ISBN (Electronic)9781450349468
Original languageEnglish

Abstract

Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.

Bibliographic note

© ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3133965.3133977