Android: Improvement of Security Smell detections and evaluation on practitioners

This project is intended for MSc students


Introduction

Android apps use an ever-growing number of platform features, and with them the risk of insecure code, such as the patterns captured by Security Smells, grows as well.

Problem

These risks give rise to concrete threats such as data manipulation and data breaches, app hijacking, or various forms of extortion.

State of the art

Existing work on Security Smells defines common smells in the Android ecosystem, with a refined list of smells in Android inter-component communication (ICC). Furthermore, a tool exists that detects and reports these smells not only in compiled binaries but also live while developers write code in Android Studio, which greatly supports practitioners with little security experience.

Task

The goal is, first, to design more sophisticated detection strategies that further improve the quality of the results (i.e., more accurate detection with fewer false positives and missed smells); second, to implement these strategies; and finally, to evaluate the improved tool with students and other practitioners who agree to participate in the project.

The focus of this project lies on refining the existing smell definitions, implementing their detection in Java as traversals of the abstract syntax tree (AST), and ultimately evaluating the tool.
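To make the AST-traversal part of the task concrete, here is an added example written for this page; it is not the project's existing tool. It uses the JavaParser library (an assumption; the project's tool may use a different parsing front end) to walk the AST of a constructed Android source fragment and flag one Android ICC security smell: the use of sticky broadcasts, which Android deprecated because any app can read and replace the last sticky value. The choice of smell, the class and method names, and the sample input are all assumptions of the example.

```java
import com.github.javaparser.StaticJavaParser;
import com.github.javaparser.ast.CompilationUnit;
import com.github.javaparser.ast.expr.MethodCallExpr;
import com.github.javaparser.ast.visitor.VoidVisitorAdapter;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * Added example, not the project's tool: a minimal AST-based detector for one
 * Android ICC security smell, the use of sticky broadcasts. Android deprecated
 * Context.sendStickyBroadcast(..) and its variants because any app can read and
 * replace the last sticky value. Requires JavaParser
 * (com.github.javaparser:javaparser-core) on the classpath.
 */
public class StickyBroadcastDetector {

    /** One reported smell occurrence: source line and the smelly API name. */
    public static final class Finding {
        public final int line;
        public final String method;

        Finding(int line, String method) {
            this.line = line;
            this.method = method;
        }

        @Override
        public String toString() {
            return "line " + line + ": " + method
                    + "(..) -- sticky broadcasts are readable and replaceable by any app";
        }
    }

    // Smelly API names (assumed list); matched on the simple method name only,
    // since a syntax-only parser cannot resolve the receiver type.
    private static final Set<String> SMELLY = new HashSet<>(Arrays.asList(
            "sendStickyBroadcast", "sendStickyOrderedBroadcast",
            "sendStickyBroadcastAsUser", "sendStickyOrderedBroadcastAsUser"));

    /** Parses the given Java source and returns every sticky-broadcast call found. */
    public static List<Finding> detect(String javaSource) {
        CompilationUnit cu = StaticJavaParser.parse(javaSource);
        List<Finding> findings = new ArrayList<>();
        cu.accept(new VoidVisitorAdapter<Void>() {
            @Override
            public void visit(MethodCallExpr call, Void arg) {
                super.visit(call, arg); // keep traversing into nested calls and arguments
                if (SMELLY.contains(call.getNameAsString())) {
                    int line = call.getBegin().map(p -> p.line).orElse(-1);
                    findings.add(new Finding(line, call.getNameAsString()));
                }
            }
        }, null);
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample input: an Activity that publishes state via a sticky
        // broadcast (smelly) and via a permission-protected broadcast (not flagged).
        String sample = String.join("\n",
                "package demo;",
                "import android.content.Intent;",
                "public class MainActivity extends android.app.Activity {",
                "    void publishState(String s) {",
                "        Intent i = new Intent(\"demo.STATE_CHANGED\");",
                "        i.putExtra(\"state\", s);",
                "        sendStickyBroadcast(i);",
                "        sendBroadcast(i, \"demo.permission.READ_STATE\");",
                "    }",
                "}");
        for (Finding f : detect(sample)) {
            System.out.println(f);
        }
    }
}
```

The visitor deliberately calls `super.visit` before its own check so that a smelly call nested inside another expression is still reached. Matching on the simple method name keeps the example self-contained but is also the weakness a more sophisticated strategy would address: with a symbol solver attached, the detector could confirm that the receiver is an `android.content.Context` and suppress hits on unrelated methods that happen to share the name.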


Guiding research questions

Contact

Pascal Gadient PhD