Filters








61,068 Hits in 13.8 sec

Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers

Majid Hatamian
2020 IEEE Access  
In other words, a privacy engineering perspective is needed to fill the gap between secure mobile app development and legal privacy principles needed to be followed by developers.  ...  It covers the takeaways of the workshop, where experts provided their knowledge on privacy and security requirements for public safety mobile apps.  ... 
doi:10.1109/access.2020.2974911 fatcat:hg2u2xfvgfc23aphbq7aqxzotu

SeMA: A Design Methodology for Building Secure Android Apps [article]

Joydeep Mitra, Venkatesh-Prasad Ranganath
2019 arXiv   pre-print
UX (user experience) designers visually capture the UX of an app via storyboards. This method is also used in Android app development to conceptualize and design apps.  ...  Therefore, securing user information is imperative in mobile apps. In this context, storyboarding tools offer limited capabilities to capture and reason about security requirements of an app.  ...  To understand the reasons for and benefits of these ideas, we need to understand the current landscape of Android app development practices.  ... 
arXiv:1902.10056v4 fatcat:tyziefxfunfqpgsfx3oqz5jrum

SOURCERER: Developer-Driven Security Testing Framework for Android Apps [article]

Muhammad Sajidur Rahman, Blas Kojusner, Ryon Kennedy, Prerit Pathak, Lin Qi, Byron Williams
2021 arXiv   pre-print
App developers struggle to find an actionable and prioritized list of vulnerabilities from a laundry list of security warnings reported by static analysis tools.  ...  SOURCERER guides developers to identify domain-specific assets of an app, detect and prioritize vulnerabilities, and mitigate those vulnerabilities based on secure development guidelines.  ...  As the onus of securing mobile apps is often placed on app developers, one cannot ignore asking: why do app developers fail to adopt security tools and guidelines when security practitioners and researchers  ... 
arXiv:2111.01631v2 fatcat:cnpgk3rtfjfpfad5sbwsim232u

Denial-of-App Attack

Steven Arzt, Stephan Huber, Siegfried Rasthofer, Eric Bodden
2014 Proceedings of the 4th ACM Workshop on Security and Privacy in Smartphones & Mobile Devices - SPSM '14  
To the best of our knowledge, the attack applies to all versions prior to Android 4.4.3. https://github.com/secure-software-engineering/ denial-of-app-attack  ...  It is even possible to block many applications from a list predefined by the attacker instead of just a single app.  ...  This work was supported by the BMBF within EC SPRIDE and by the Hessian LOEWE excellence initiative within CASED.  ... 
doi:10.1145/2666620.2666621 dblp:conf/ccs/ArztHRB14 fatcat:syieqnetlreujfrzpwqdmth23a

The Privacy Component App [chapter]

Michelle Finneran Dennedy, Jonathan Fox, Thomas R. Finneran
2014 The Privacy Engineer's Manifesto  
It provides a practical example of a rule-based program and a proof of the privacy component concept. • Why: The privacy component mission based on the requirements developed in this section • Who: The  ...  The Tool will take the mobile app developer directly to these guidelines, including mobile device patterns, which encourage the development and operation of mobile apps to reflect sound data privacy and  ... 
doi:10.1007/978-1-4302-6356-2_7 fatcat:xqrl4ieh3veovf55hvjnxoh5g4

What Makes People Install a COVID-19 Contact-Tracing App? Understanding the Influence of App Design and Individual Difference on Contact-Tracing App Adoption Intention [article]

Tianshi Li, Camille Cobb, Jackie Yang, Sagar Baviskar, Yuvraj Agarwal, Beibei Li, Lujo Bauer, Jason I. Hong
2021 arXiv   pre-print
With these findings, we discuss practical implications on the design, marketing, and deployment of COVID-19 contact-tracing apps in the U.S.  ...  In this paper, we present a national-scale survey experiment (N = 1963) in the U.S. to investigate the effects of app design choices and individual differences on COVID-19 contact-tracing app adoption  ...  Acknowledgement The authors would like to acknowledge Cori Faklaris, Ruotong Wang, and Laura Dabbish for their help on the study design.  ... 
arXiv:2012.12415v3 fatcat:wgugfytt75hrpbu3hpjzdopyla

Are Free Android App Security Analysis Tools Effective in Detecting Known Vulnerabilities? [article]

Venkatesh-Prasad Ranganath, Joydeep Mitra
2019 arXiv   pre-print
More effort is required if security analysis tools are to help developers build secure apps.  ...  We hope the observations from this evaluation will help app developers choose appropriate security analysis tools and persuade tool developers and researchers to identify and address limitations in their  ...  Acknowledgement The authors would like to thank Aditya Narkar and Nasik Muhammad Nafi for their help in implementing 17 new benchmarks that are being cataloged as Ghera benchmarks for the first time in  ... 
arXiv:1806.09059v7 fatcat:33dgk7oornbuzfsy57cwrlsdaa

Detecting (absent) app-to-app authentication on cross-device short-distance channels

Stefano Cristalli, Long Lu, Danilo Bruschi, Andrea Lanzi
2019 Proceedings of the 35th Annual Computer Security Applications Conference on - ACSAC '19  
In addition to discovering the security issue, we design an algorithm based on data-flow analysis for detecting the presence of CATCH in Android apps.  ...  We perform experiments on a set of Android apps and show the CATCH problem is always present on the whole analyzed applications set.  ...  ACKNOWLEDGMENTS This project has received funding by the Italian Ministry of Foreign Affairs and International Cooperation (grant number: PGR00814).  ... 
doi:10.1145/3359789.3359814 dblp:conf/acsac/CristalliLBL19 fatcat:vbf4lb6u3zbqtb3g4dvnzbxrya

Towards Automated Android App Collusion Detection [article]

Irina Mariuca Asavoae, Jorge Blasco, Thomas M. Chen, Harsha Kumara Kalutarage, Igor Muttik, Hoang Nga Nguyen, Markus Roggenbach, Siraj Ahmed Shaikh
2016 arXiv   pre-print
In this paper we provide a concise definition of collusion and report on a number of automated detection approaches, developed in co-operation with Intel Security.  ...  Android OS supports multiple communication methods between apps. This opens the possibility to carry out threats in a collaborative fashion, c.f. the Soundcomber example from 2011.  ...  Acknowledgement This work has been funded by EPSRC and we are excited to work on this challenging piece of research 1 .  ... 
arXiv:1603.02308v1 fatcat:mie7nrhsszgf7hyxlpogmlbjzm

Development of a Multidimensional App-Quality Assessment Tool for Health-Related Apps (AQUA)

Teresa O'Rourke, Rüdiger Pryss, Winfried Schlee, Thomas Probst
2020 Digital Psychology  
A multitude of health-related mobile applications is available to the public in app stores. Many of these apps were not developed by health professionals and do not keep what they promise.  ...  Method Based on existing app-quality assessment tools and guidelines for evaluating health-related app-quality, items were constructed to assess objective and subjective app-quality.  ...  The Impact dimension was added to the user version of the questionnaire to assess the subjective effectiveness of a health-related app from the user's point of view.  ... 
doi:10.24989/dp.v1i2.1816 fatcat:denlkt5kebgphlurh4sdoqrq64

Towards Mobile Twin Peaks for App Development

Giovanna Avellis, Julian Harty, Yijun Yu
2017 2017 IEEE/ACM 4th International Conference on Mobile Software Engineering and Systems (MOBILESoft)  
To recommend architectural design decisions to the developers, we aim to obtain architecturecritical requirements from a set of general apps by combining, for example, analytics, ethnographic study, and  ...  Requirements of mobile apps are often hard to elicit from massive numbers of users, although it is important for the solution architecture to meet them.  ...  Acknowledgements We thank Anthony Finkelstein and Bashar Nuseibeh for inspiring this work. In part it is supported by ERC Advanced Grant 291652 -ASAP.  ... 
doi:10.1109/mobilesoft.2017.10 dblp:conf/icse/AvellisHY17 fatcat:wsnhpklvjrdkjio6nknwyxok2i

SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps [article]

Joydeep Mitra, Venkatesh-Prasad Ranganath, Torben Amtoft, Mike Higgins
2020 arXiv   pre-print
To this end, they have access to our personal information and have the ability to perform actions on our behalf.  ...  Recent research efforts have focused on developing solutions to secure mobile ecosystems (i.e., app platforms, apps, and app stores), specifically in the context of detecting vulnerabilities in Android  ...  This need has manifested in the development of security requirements engineering: identifying a system's security-related requirements and checking if the system design satisfies the identified requirements  ... 
arXiv:2001.10052v3 fatcat:aceqddny2fbg3hm3odkk3mualy

Reaching the masses: a new subdiscipline of app programmer education

Charles Weir, Awais Rashid, James Noble
2016 Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2016  
Only by introducing the powerful motivating techniques developed for other disciplines can we hope to upskill independent app developers, and achieve the security that we'll need in 2025 to safeguard our  ...  The rise of apps has engaged millions of independent app developers, who rarely encounter any but low level security techniques.  ...  So app developers need to consider mechanisms to ensure upgrading. There are practical issues: though the 'App Stores' support upgrading, this feature is often not actioned by users.  ... 
doi:10.1145/2950290.2983981 dblp:conf/sigsoft/WeirRN16 fatcat:trrrk7d4tbaqdieixq4xqrntje

Regulating mobile mental health apps

Nicolas P. Terry, Tracy D. Gunter
2018 Behavioral sciences & the law  
As a result, prudent providers will need to progress with caution when it comes to recommending apps to patients or relying on app-generated data to guide treatment.  ...  Mobile medical apps (MMAs) are a fast-growing category of software typically installed on personal smartphones and wearable devices.  ...  service providers to meet self-identified needs and/or promote products or services to meet those needs.  ... 
doi:10.1002/bsl.2339 pmid:29659069 fatcat:m4kapaudlvgbjdoqhbb4fxyayq

Do We Need a "Killer App" in Psychiatric Treatment? Adapting App Usage to Lived Experience (Preprint)

Emil Chiauzzi, Amy Newell
2018 JMIR Mental Health  
mentality of current mental health app development.  ...  As a means of gaining a perspective that moves beyond usability testing, surveys, and app ratings, the primary objective of this patient perspective is to question the killer app and condition-specific  ...  Conflicts of Interest Emil Chiauzzi is an employee of and owns stock options in PatientsLikeMe, Inc. Amy Newell has no conflicts to report. Abbreviations None.  ... 
doi:10.2196/12292 pmid:31008711 pmcid:PMC6658296 fatcat:wea3e7anh5gqpnknu42lxp3abm
« Previous Showing results 1 — 15 out of 61,068 results