CordovaConfig

Abstract

Despite their recentness, hybrid mobile apps have established an increasing share in the mobile apps market. This can be attributed to the fact that these apps offer the balance between providing full functionality at an affordable development cost. Hybrid mobile apps are web apps hosted in a thin native container. Several libraries facilitate building hybrid apps by providing interfaces through which native phone resources can be accessed using Javascript code. Configuring mobile hybrid apps properly is an important but often neglected activity. Coarse-grained configurations and risky default settings result in several privacy and security breaches. Moreover, middleware libraries provide a basic interface to the developers which may drive them off from changing the default settings. We are seeking to provide an automated, interactive, and contextual support for configuring hybrid apps. In this paper, we present a tool prototype, CordovaConfig, which provides fine-grained configurations that are aligned with the app's behavior. We evaluate the potential use and effectiveness of CordovaConfig on 22 students. Our results demonstrate that interactive configuration support can (1) help address this important non-functional requirement early in the development cycle (2) increase programmers awareness in potential risks associated with insecure settings (3) increase developers understanding of configuration items. This is supported by a quantitative and qualitative evaluation. We also uncover common programmers practices and perceptions of hybrid apps security & configurations