Redesigning a Tool for Secure Android

Over one billion people worldwide currently live with some form of disability. People with disabilities are more likely than people without a disability to have a harder time in society when it comes to employment, health, education, and finances [1]. Today, technology has become an important part of people's daily lives, so it is important to make technology accessible to people with disabilities. Section 508 of the Rehabilitation Act was amended to require all federal agencies to make their electronics more accessible to people with disabilities. The National Security Agency (NSA) developed a list of accessibility requirements based on Section 508 for the following types of disabilities [2]:

- Visual Disability: In 2014, out of the 285 million people on earth who are visually impaired, 39 million are blind [3]. This covers a spectrum from low vision to total blindness. According to the NSA Fundamental Accessibility Requirement [10], users with a visual disability should be able to navigate a software tool using a keyboard or physical control. The use of a mouse or free-roaming devices should not be required. They also require an on-screen reading tool such as Narrator [4] for Windows users and VoiceOver for Macs [5].
- Auditory Disability: According to the World Health Organization (WHO), over 360 million people suffer from hearing loss [6]. The NSA requires the software to be accessible without any auditory information.
- Ambulatory Disability: Multiple disabilities fall under this category, including paralysis, amputation and birth defects that restrict users to the use of one or both hands. The NSA requires the software to be fully operational with either a mouse or one keyboard input.
- Cognitive and Learning Disorder: People with this disability usually suffer from an imperfect ability to listen, think, speak, write, spell, read, use language, and comprehend things. This disability includes Autism, Cerebral Palsy, Down Syndrome, Fragile X and Fetal Alcohol Syndrome.
- Seizures: This disability causes one's senses to be momentarily disrupted and sometimes causes moments of unconsciousness. It is caused by abnormal electrical activity in the brain.

Through previous research, we developed the Secure Android Coding Helper (SACH), a tool that scans Android program source code and reports security vulnerabilities [9]. Cognitive and learning disabilities and seizures cannot be incorporated into SACH because they require human assistance. The following changes were implemented in SACH to address accessibility:

- Visual Disability: SACH was redesigned to allow users to fully use SACH without a mouse or any free-roaming devices. Instead, users should be able to use on-screen reading tools and keyboard shortcuts to fully navigate the software. In addition, SACH needed to cater to users with color blindness. Therefore, appropriate color schemes were used to allow the user to distinguish different colors.
- Auditory Disability: For a user with an auditory disability, SACH must be fully operational without the use of auditory information. Therefore, alerts are text-based instead of audio-based. The text must also be visible.
- Ambulatory Disability: SACH must be able to function fully with either the mouse or one-character keyboard input. Therefore, all operations can be done with a mouse or keyboard.

The rest of the paper is organized as follows. Section II describes the background of SACH and tools for accessibility. Section III describes the design and key features implemented in SACH for accessibility. Section IV concludes the paper and discusses future work.

SACH is an educational tool that helps students learn about vulnerabilities in Android programs. SACH uses 9 rules published by the Computer Emergency Readiness Team (CERT) that cover security vulnerabilities in Android programs, ranging from coding practices to protecting sensitive data. CERT developed a set of secure coding rules, published by the Software Engineering Institute at Carnegie Mellon University, to help Android developers identify vulnerabilities in their code [5]. The 9 rules SACH uses are:

1. (DRD01-J) Limit the accessibility of an app's sensitive content provider.
2. (DRD02-J) Do not allow WebView to access sensitive local resource through file scheme.
3. (DRD03-J) Do not broadcast sensitive information using an implicit intent.
4. (DRD04-J) Do not log sensitive information.
5. (DRD08-J) Always canonicalize a URL received by a content provider.
6. (DRD09-J) Restrict access to sensitive activities.
7. (DRD10-J) Do not release apps that are debuggable.
8. (DRD15-J) Consider privacy concerns when using Geolocation API.
9. (DRD19-J) Properly verify server certificate on SSL/TLS.
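As an added illustration (not SACH's own code, whose implementation the page does not show), the following sketch checks an AndroidManifest.xml for three of the listed rules that are visible in the manifest: DRD10-J, DRD01-J and DRD09-J. The function names and the sample manifest are hypothetical and constructed for this example. It only looks at components with an explicit android:exported="true" and cannot tell which components are actually sensitive, so its findings are candidates for review.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <application android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AdminActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes" android:exported="true"/>
    <provider android:name=".SyncProvider" android:authorities="com.example.sync" android:exported="true"
              android:readPermission="com.example.READ" android:writePermission="com.example.WRITE"/>
  </application>
</manifest>"""

def is_launcher(component):
    """True if the component declares the LAUNCHER category (it has to stay exported)."""
    cats = component.findall("intent-filter/category")
    return any(c.get(A + "name") == "android.intent.category.LAUNCHER" for c in cats)

def scan_manifest(xml_text):
    """Return (rule_id, component, message) findings for a manifest string."""
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return []
    findings = []
    if app.get(A + "debuggable") == "true":  # DRD10-J: debuggable release
        findings.append(("DRD10-J", "application", "android:debuggable is true"))
    for comp in app.findall("provider"):  # DRD01-J: exported provider, no permission
        guarded = comp.get(A + "permission") or (
            comp.get(A + "readPermission") and comp.get(A + "writePermission"))
        if comp.get(A + "exported") == "true" and not guarded:
            findings.append(("DRD01-J", comp.get(A + "name"), "exported provider without permission"))
    for comp in app.findall("activity"):  # DRD09-J: exported activity, no permission
        if (comp.get(A + "exported") == "true" and not comp.get(A + "permission")
                and not is_launcher(comp)):
            findings.append(("DRD09-J", comp.get(A + "name"), "exported activity without permission"))
    return findings

if __name__ == "__main__":
    for rule, component, message in scan_manifest(SAMPLE_MANIFEST):
        print(f"{rule}: {component}: {message}")
```

The remaining rules (for example DRD04-J logging or DRD19-J certificate verification) concern Java source rather than the manifest and are outside what this sketch inspects.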

