
Electronic data

  • A Stitch In Time

    Rights statement: © ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3133965.3133977

    Accepted author manuscript, 728 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License


A Stitch in Time: Supporting Android Developers in Writing Secure Code

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN; Conference contribution/Paper; peer-review

Published

Standard

A Stitch in Time: Supporting Android Developers in Writing Secure Code. / Nguyen, Duc Cuong ; Wermke, Dominik; Acar, Yasemin et al.
CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2017. p. 1065-1077.

Harvard

Nguyen, DC, Wermke, D, Acar, Y, Backes, M, Weir, CAF & Fahl, S 2017, A Stitch in Time: Supporting Android Developers in Writing Secure Code. in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, New York, pp. 1065-1077. https://doi.org/10.1145/3133956.3133977

APA

Nguyen, D. C., Wermke, D., Acar, Y., Backes, M., Weir, C. A. F., & Fahl, S. (2017). A Stitch in Time: Supporting Android Developers in Writing Secure Code. In CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1065-1077). ACM. https://doi.org/10.1145/3133956.3133977

Vancouver

Nguyen DC, Wermke D, Acar Y, Backes M, Weir CAF, Fahl S. A Stitch in Time: Supporting Android Developers in Writing Secure Code. In CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM. 2017. p. 1065-1077 doi: 10.1145/3133956.3133977

Author

Nguyen, Duc Cuong ; Wermke, Dominik ; Acar, Yasemin et al. / A Stitch in Time : Supporting Android Developers in Writing Secure Code. CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. New York : ACM, 2017. pp. 1065-1077

Bibtex

@inproceedings{19185249540249cbb282db3f3bf063bc,
title = "A Stitch in Time: Supporting Android Developers in Writing Secure Code",
abstract = "Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid{\texttrademark} IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.",
keywords = "Usable Security, Support Developers, Android Security, Cryptographic API",
author = "Nguyen, {Duc Cuong} and Dominik Wermke and Yasemin Acar and Michael Backes and Weir, {Charles Alexander Forbes} and Sascha Fahl",
note = "{\textcopyright} ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3133965.3133977",
year = "2017",
month = oct,
day = "30",
doi = "10.1145/3133956.3133977",
language = "English",
pages = "1065--1077",
booktitle = "CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security",
publisher = "ACM",

}

RIS

TY - GEN

T1 - A Stitch in Time

T2 - Supporting Android Developers in Writing Secure Code

AU - Nguyen, Duc Cuong

AU - Wermke, Dominik

AU - Acar, Yasemin

AU - Backes, Michael

AU - Weir, Charles Alexander Forbes

AU - Fahl, Sascha

N1 - © ACM, 2017. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security http://dx.doi.org/10.1145/3133965.3133977

PY - 2017/10/30

Y1 - 2017/10/30

N2 - Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.

AB - Despite security advice in the official documentation and an extensive body of security research about vulnerabilities and exploits, many developers still fail to write secure Android applications. Frequently, Android developers fail to adhere to security best practices, leaving applications vulnerable to a multitude of attacks. We point out the advantage of a low-time-cost tool both to teach better secure coding and to improve app security. Using the FixDroid™ IDE plug-in, we show that professional and hobby app developers can work with and learn from an in-environment tool without it impacting their normal work; and by performing studies with both students and professional developers, we identify key UI requirements and demonstrate that code delivered with such a tool by developers previously inexperienced in security contains significantly less security problems. Perfecting and adding such tools to the Android development environment is an essential step in getting both security and privacy for the next generation of apps.

KW - Usable Security

KW - Support Developers

KW - Android Security

KW - Cryptographic API

U2 - 10.1145/3133956.3133977

DO - 10.1145/3133956.3133977

M3 - Conference contribution/Paper

SP - 1065

EP - 1077

BT - CCS '17 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

PB - ACM

CY - New York

ER -