An Automated tool for detection and enforcement of security in mobile application development

Abstract

With the large number of mobile applications being developed and used, the mobile application security has become a key concern to the mobile application users as well as to the mobile application designers, developers and testers. Numbers of security guidelines and prevention mechanisms have been introduced through previous research work and considerable amount of mobile security frameworks, testing tools and source code analyzers have been implemented upon those research outcomes. However it was identified that these tools and instruments majorly support the testing phase of secure software development life cycle and there is a research gap open for developing a technically supportive program for the developers to build secure mobile applications. The intention of this project is to come up with a concept where the developer is enforced to build a secure mobile application based on a predefined set of security criteria during the application development phase. These security criteria are defined based on security requirements of the mobile application project. The source code will be validated against these security criteria and if any issue is found, it will be fixed automatically during the source code compilation. This system is implemented in java platform with the help of java annotation processor and xml parser. The source code is written as s a set of reusable jar file which is published as “buildsec” library. This library is tested and evaluated in android mobile platform by injecting vulnerable codes snippets into the android mobile source code and “buildsec” library was able to find and fix those security issues in the source code. The automatic fixing of security issues during compile time will help the development team to ensure that the mobile application is security compliance in advance. This will reduce the testing effort as well as development re-work that takes to fix the security issues originated from the development phase.