DEVELOPMENT OF A CUSTOMIZABLE SECURE CODING PLUGIN FOR ANDROID APPLICATION DEVELOPMENT
Abstract
Although Android is a popular mobile operating system, its application ecosystem still faces many security issues. A lack of awareness of, and attention to, security during Android application development is considered one of the main causes of this situation. This research proposes a tool to support secure programming. In line with the DevSecOps philosophy, we place the developer at the centre of the process and integrate secure programming practices from the earliest stages of software development.
This article presents the two main contributions of the research: a synthesis and classification of security issues in Android application development, and the ArmorDroid tool, an Android Studio plugin that supports secure programming. The plugin detects vulnerable code patterns in source code as the code is written and suggests modifications during development. It works with Java, Kotlin, and XML files. It encodes secure programming standards for Android app development and also educates developers on writing secure code. Developers can customize the rules to fit their specific needs and share them with the wider developer community. We also present results from a preliminary study of the effectiveness of the ArmorDroid plugin.
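The abstract describes a rule-driven checker that flags insecure patterns in Java, Kotlin and XML files, proposes a fix, and lets developers define and share their own rules. The following is an added illustrative example of that architecture, written for this page; it is not ArmorDroid's code and does not use the Android Studio plugin API. The rule set, the JSON rule format, the file names and the sample source snippets are all constructed for the example.

```python
"""Rule-driven secure-coding checker over Android source files.

Added illustrative example, not ArmorDroid's code. It shows the shape of a
customizable, line-level rule engine for Java, Kotlin and XML files: rules are
plain records that can be serialized, edited and shared; each finding carries a
line number and a suggested fix, as an IDE gutter marker would.
Rules, file names and sample snippets below are constructed for this example.
"""
import json
import re
from dataclasses import dataclass
from pathlib import PurePath
from typing import Dict, List, Optional, Sequence


@dataclass(frozen=True)
class Rule:
    rule_id: str
    languages: frozenset  # subset of {"java", "kotlin", "xml"}
    pattern: str          # regex applied to each source line
    message: str          # why the match is a problem
    fix: str              # replacement the IDE would propose


@dataclass(frozen=True)
class Finding:
    rule_id: str
    file: str
    line: int             # 1-based, as an editor shows it
    snippet: str
    message: str
    fix: str


# Built-in rules (constructed for this example; the ECB default of a bare
# "AES" transformation on Android is a documented behaviour).
DEFAULT_RULES: List[Rule] = [
    Rule("CRYPTO-ECB", frozenset({"java", "kotlin"}),
         r'Cipher\.getInstance\(\s*"(?:AES|DES|DESede)(?:/ECB/[^"]*)?"\s*\)',
         "Cipher uses ECB, explicitly or via a bare algorithm name whose Android default mode is ECB.",
         'Cipher.getInstance("AES/GCM/NoPadding")'),
    Rule("TLS-HOSTNAME", frozenset({"java", "kotlin"}),
         r"ALLOW_ALL_HOSTNAME_VERIFIER",
         "Hostname verification disabled; any valid certificate for any host is accepted.",
         "Use the default HostnameVerifier."),
    Rule("STORAGE-WORLD", frozenset({"java", "kotlin"}),
         r"MODE_WORLD_(?:READABLE|WRITEABLE)",
         "File or preferences readable/writable by every app on the device.",
         "Context.MODE_PRIVATE"),
    Rule("WEBVIEW-JS", frozenset({"java", "kotlin"}),
         r"(?:setJavaScriptEnabled\(\s*true\s*\)|javaScriptEnabled\s*=\s*true)",
         "JavaScript enabled in WebView; review loaded origins and JS interfaces.",
         "Enable only for trusted content, and never with file:// access."),
    Rule("MANIFEST-DEBUGGABLE", frozenset({"xml"}),
         r'android:debuggable\s*=\s*"true"',
         "Debuggable release builds expose process memory and a debugger port.",
         'android:debuggable="false"'),
    Rule("MANIFEST-BACKUP", frozenset({"xml"}),
         r'android:allowBackup\s*=\s*"true"',
         "App data can be extracted via adb backup.",
         'android:allowBackup="false"'),
]

_EXT_TO_LANG = {".java": "java", ".kt": "kotlin", ".xml": "xml"}


def language_of(path: str) -> Optional[str]:
    return _EXT_TO_LANG.get(PurePath(path).suffix.lower())


def load_rules_json(doc: str) -> List[Rule]:
    """Parse a shareable JSON rule set; compile each regex early so a broken pattern fails at load time."""
    rules = []
    for item in json.loads(doc):
        re.compile(item["pattern"])  # raises re.error on a malformed pattern
        rules.append(Rule(item["id"], frozenset(item["languages"]),
                          item["pattern"], item["message"], item["fix"]))
    return rules


def scan_text(path: str, text: str, rules: Sequence[Rule] = DEFAULT_RULES) -> List[Finding]:
    """Apply every rule for the file's language to each line; unknown file types are skipped."""
    lang = language_of(path)
    if lang is None:
        return []
    compiled = [(r, re.compile(r.pattern)) for r in rules if lang in r.languages]
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, rx in compiled:
            if rx.search(line):
                findings.append(Finding(rule.rule_id, path, lineno, line.strip(), rule.message, rule.fix))
    return findings


# Constructed sample inputs (not from any real project).
SAMPLE_JAVA = """\
import javax.crypto.Cipher;
public class Vault {
    Cipher c = Cipher.getInstance("AES");
    SharedPreferences p = ctx.getSharedPreferences("s", Context.MODE_WORLD_READABLE);
}
"""
SAMPLE_KOTLIN = """\
webView.settings.javaScriptEnabled = true
val cipher = Cipher.getInstance("AES/GCM/NoPadding")
Log.d("Auth", "token=$accessToken")
"""
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <application android:allowBackup="true" android:debuggable="true">
    </application>
</manifest>
"""
# A team-specific rule, in the JSON form a developer could share.
CUSTOM_RULES_JSON = json.dumps([{
    "id": "TEAM-LOG-SECRET", "languages": ["java", "kotlin"],
    "pattern": r"(?i)Log\.[dviwe]\(.*(?:token|password|secret)",
    "message": "Credential-looking value written to logcat.",
    "fix": "Remove the statement or log a redacted value."}])


def demo() -> Dict[str, List[str]]:
    """Scan the samples with built-in plus custom rules; returns {file: ["RULE:line", ...]}."""
    rules = DEFAULT_RULES + load_rules_json(CUSTOM_RULES_JSON)
    files = {"Vault.java": SAMPLE_JAVA, "Web.kt": SAMPLE_KOTLIN, "AndroidManifest.xml": SAMPLE_MANIFEST}
    return {name: [f"{f.rule_id}:{f.line}" for f in scan_text(name, src, rules)]
            for name, src in files.items()}


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

Line-level regex rules are deliberately simple and miss anything split across lines or built from variables; an IDE plugin working on the unified syntax tree can match call sites and argument values structurally. The design point that carries over is that rules are data with an identifier, a scope, a message and a proposed fix, so they can be versioned and shared independently of the checker.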
Keywords
Android Studio plugin, DevSecOps, Secure Coding