
Android Copy and Waste Development: Detecting Vulnerabilities in Reused Code Snippets Distributed Over Stack Overflow

Supervisor(s): Felix Fischer
Status: open
Topic: Android stuff
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Motivation

The appification process confronts developers with a major challenge in implementing security. Most app developers have little to no knowledge of the underlying concepts or are simply overwhelmed by their complexity. Nowadays there seems to be an easy way out: querying the web community for handy code snippets and copying and pasting them blindly, unaware of their security implications. One of the most famous Q&A sites for discussing and sharing such snippets is Stack Overflow. It already hosts over 650k questions regarding Android development, with over 920k answers providing an overall set of more than 1 million Java code samples. The goal of this thesis is to analyze this crowd-sourced code base with regard to its security qualities and to find out how much of it is reused in apps available through Google’s Play Store.

Task Description

    •    Evaluate existing approaches enabling static code analysis for Java code snippets found on Stack Overflow 

    •    Create a concept which allows the detection of reused Java code snippets in Android app binaries 

    •    Develop automated assessment methods to evaluate the security qualities of the detected snippets

    •    Implement a proof-of-concept tool which will be used in an analysis of hundreds of thousands of Android apps

Requirements

    •    Good programming skills 

    •    Knowledge in static code analysis is advantageous but may also be acquired during this thesis

Contact

Felix Fischer
Fraunhofer Research Institution for Applied and Integrated Security (AISEC)
Parkring 4, 85748 Garching bei München
felix.fischer@aisec.fraunhofer.de