Security Issues in Android Application Development and Plug-in for Android Studio to Support Secure Programming

Abstract

In the context of modern Android application development, security issues and secure programming are considered unignorable aspects to ensure the safety of Android applications while still guarantee the development speed. The lack of attention to security factors in the software development process or the delay of traditional security assurance methods are the main causes of unsafe Android software. Those unsafe Android applications contain many vulnerabilities and a high risk of leaking user information, especially since Android applications are rapidly developed and published. Developers must adhere to a secure development process to counter Android application risks to avoid data leakage or access control flaws. Security has to be integrated throughout the application development process to secure the software development life cycle. This paper presents two main research contributions: summarizing common security issues in Android applications and developing a plug-in for Android Studio to support secure programming, 9Fix. The low-time-cost 9Fix plug-in can inspect your vulnerable code and instantly suggest an alternative secure code for developers in programming time that helps to improve the security and instruct the developers on how to write a secure code. Moreover, the developers can add their own security rules to 9Fix so 9Fix can adapt smoothly in a specific situation. We also demonstrate the effectiveness and the convenience based on the student feedback by experimenting with the 9Fix plugin.