SeMA: A Design Methodology for Building Secure Android Apps
This work addresses security integration for Android app developers and designers, offering a novel approach to a known bottleneck in secure app development.
The paper tackles the problem of integrating security into Android app design by proposing a storyboard-based methodology that enables specification and verification of security properties at design time, addressing vulnerabilities from design flaws.
UX (user experience) designers visually capture the UX of an app via storyboards. This method is also used in Android app development to conceptualize and design apps. Recently, security has become an integral part of Android app UX because mobile apps are used to perform critical activities such as banking, communication, and health. Therefore, securing user information is imperative in mobile apps. In this context, storyboarding tools offer limited capabilities to capture and reason about security requirements of an app. Consequently, security cannot be baked into the app at design time. Hence, vulnerabilities stemming from design flaws can often occur in apps. To address this concern, in this paper, we propose a storyboard based design methodology to enable the specification and verification of security properties of an Android app at design time.