
Mobile SCALe: Rules and Analysis for Secure Java and Android Coding

November 2013 Technical Report
Lujo Bauer (Carnegie Mellon University, Department of Electrical and Computer Engineering), Lori Flynn, Limin Jia (Carnegie Mellon University, Department of Electrical and Computer Engineering), Will Klieber, Fred Long, Dean F. Sutherland, David Svoboda

In this report, the authors describe Android secure coding rules, guidelines, and static analysis developed as part of the Mobile SCALe project.

Publisher: Software Engineering Institute

CMU/SEI Report Number: CMU/SEI-2013-TR-015

DOI (Digital Object Identifier): 10.1184/R1/6575507.v1

Abstract

This report describes Android secure coding rules, guidelines, and static analysis that were developed as part of the Mobile Source Code Analysis Laboratory (SCALe) project. The project aims to create a set of rules that can be checked (and potentially enforced) and to develop checkers for these rules. These efforts are intended to increase confidence in continued safe and secure operation of mobile devices and the networks on which they operate. The focus for this phase of the project is the Android platform for mobile devices. Work described in this report involved three activities: (1) preparing the Java Coding Guidelines book for publication, (2) developing Android secure coding rules for the Android section of the CERT Oracle Secure Coding Standard for Java wiki, and (3) developing software that does static analysis of a set of Android apps for data flows between them so that security leaks can be detected.