Click here for the Daily Orange's inclusive journalism fellowship applications for this year


News

Professor researches mobile app security

Correction: In a previous version of this article, Carlos Caicedo’s concern for an app’s stability using javascript was misstated. Caicedo said that Native Android applications written in Java can be more secure, in most cases, than those written with HTML5. The Daily Orange regrets this error.

A Syracuse University professor is working on a program that could help protect smartphone users from falling victim to hackers.

HTML5-based apps are only becoming more popular — a recent Gartner report predicts that by 2016, 50 percent of apps will be HTML5-based. With this comes an increased risk of malicious coding.

HTML5 is a program that allows a developer to write mobile web app codes which are accessible on all smartphone platforms, making it a more attractive option for developers than writing individual codes for each device, said Kevin Du, a professor of electrical engineering and science.

Although developing mobile web apps for all platforms takes less effort than writing individual code for individual software, developers risk creating a code that hackers can easily infiltrate, he said.



Thanks to grants from Google and the National Science Foundation, Du and his graduate students have been working on a program that will scan the Google Play store apps for faulty coding. A prototype of the program is expected to be completed this fall.

When users do something as simple as connect to a Wi-Fi network, scan a QR code or play an MP3 file, they could be granting a hacker access to their device if they are using an insecure mobile web app, Du said.

The code can allow the hacker to gain access to contact lists, mobile banking information and locations, Du said.

Carlos Caicedo, an assistant professor at the School of Information Studies, said he also believes HTML5 will continue to rise in popularity, and added that he teaches his students to use HTML5.

“I do see a potential rise in mobile web apps because the libraries of codes can be used to build powerful applications with very few commands,” Caicedo said.

 

The only issue, he added, is the stability. Native Android applications written in Java can be more secure, in most cases, than those written with HTML5.

Xing Jin, a doctoral candidate at SU, has worked with Du on software security for the past year and a half. His work with Du currently consists of finding mistakes in a developer’s coding and alerting them of the issue.

“If the developers aren’t aware of this kind of attack, they’re still making the same mistakes. I will help to protect them and their systems,” Jin said.

He added that by helping the developers, he is also helping protect the general users from devastating damage.

For users to protect themselves from having information stolen, sold or used, Du suggested avoiding downloading apps that haven’t often been downloaded, scanning QR codes that aren’t affiliated with a recognizable organization and avoiding unprotected Wi-Fi hot spots in places like coffee shops and airports.

Keeping up with hackers is difficult due to the speed at which they function, Du said. He and his students take pride in helping smartphone users avoid becoming victims.

Jin agreed he did have the ability to be a hacker himself, but chooses to protect smartphone users from evil people.

“Professor Du always said, ‘You need to have an evil mind, but have a good heart,” Jin said.

Jin hopes to work for a company like Samsung after his graduation in finding ways to protect the software the devices run from malicious coding.

“I would like to use my knowledge to help the systems developer,” Jin said. “I would like to see my work implemented within Samsung’s technology to benefit the greater good.”





Top Stories