Overview
Explore the security implications of copying and pasting code snippets from Stack Overflow into Android applications in this IEEE conference talk. Delve into a comprehensive study that quantifies the proliferation of security-related code from Stack Overflow in Android apps available on Google Play. Learn about the alarming findings: 15.4% of 1.3 million analyzed Android applications contained security-related code snippets from Stack Overflow, with 97.9% of those containing at least one insecure snippet. Understand the challenges developers face when integrating ready-to-use code solutions into production software, especially concerning code security. Gain insights into the research methodology, including the use of a stochastic gradient descent classifier to evaluate security scores and state-of-the-art static analysis to identify code reuse in Android applications. Reflect on the importance of caution and expertise when utilizing online programming resources for security-related code implementations.
Syllabus
Stack Overflow Considered Harmful? --- The Impact of Copy&Paste on Android Application Security
Taught by
IEEE Symposium on Security and Privacy