SACH: A Tool for Assisting Secure Android Application Development

To mitigate the risk of attacks to mobile applications, it is important for mobile application developers to develop secure mobile applications. There have been tools that statically analyze the mobile applications to determine whether there are data leakage or access control vulnerabilities The Software Engineering Institute at Carnegie Melon University published CERT Java secure coding rules applicable to developing android applications. This paper describes SACH (Secure Android Coding Helper) - a tool we implemented to help developers identify security vulnerabilities in Android application. The tool analyzes Android application source code to detect violations of CERT Java secure coding rules. This tool will help Android developers to write Android code that comply with CERT Java secure coding rules. It can also be used in the classroom to teach students about Android secure coding.