SeMA: Extending and Analyzing Storyboards to Develop Secure Android Apps

As security of mobile apps is crucial to modern-day living, there is a growing need to help developers build apps with provable security guarantees that apps do not leak sensitive user information or cannot be exploited to perform actions without the user's consent. The current prevalent approach to mobile app security curatively addresses vulnerabilities after apps have been developed. This approach has downsides in terms of time, resources, user inconvenience, and information loss. As an alternative, we propose a design-based mobile app development methodology called SeMA to prevent the creation of vulnerabilities in mobile apps. SeMA enables app designers and developers to iteratively reason about the security of an app by using its storyboard, an existing and prevalent design artifact. A proof of concept realization of SeMA using Android Studio tooling is able to prevent 49 known vulnerabilities that plague Android apps.