Many android apps that try to use SSL to secure network communication fail in doing so and are insecure. By detecting such security flaws and interviewing the developers, the study presented in this video shows the necessity of rethinking how developers interact with security code. As shown, developers are not, as often implied, infallible. This means that prevention of security problems should be carried out by increasing the usability of programming software to match the requirements of app developers, follows MATTHEW SMITH.
DOI:
https://doi.org/10.21036/LTPUB10054

Researcher

Matthew Smith is a Professor for Computer Science at the Rheinische-Friedrichs-University Bonn (Germany). His research interests lie at the intersection of technical IT security and privacy and behavioral research. He focuses on “Usability Security” considering the human factor.

For his PhD thesis he was awarded the thesis award by the Association for the Facilitation of Research Transfer (GFFT e.V.) Germany. He is a member of the Fraunhofer FKIE in Bonn and the Research Center L3S at the University of Hanover.

Institution

University of Bonn (Rheinische Friedrich-Wilhelms-Universität Bonn)

Bonn is one of the large universities in Germany, with around 36,000 students, 550 professors, 6,500 other staff staff. It offers a wide disciplinary spectrum comprising some 200 different degree programmes, from Agricultural Science to Tibetan Studies. This diversity is what characterizes Bonn as a full-range university with a strong international orientation. In many international university rankings Bonn is placed among the 100 best universities in the world.Its academic and research profile features internationally renowned specializations in the fields of Mathematics, Physics/Astronomy, Economics, Chemistry, Pharma Research, Biosciences, Genetic Medicine, Neurosciences and Philosophy/Ethics. Other disciplines, such as Geography and Law, are of outstanding importance within the German research scene. The Rheinische Friedrich-Wilhelms-Universität Bonn is rooted in a long tradition going back almost 200 years. It was founded in 1818 by Friedrich-Wilhelm III, the Prussian king whose name it bears. Imbued with the spirit of Wilhelm von Humboldt, the university quickly joined the circle of Germany's most distinguished universities and became a major pole of attraction for leading scholars as well as students.The list of famous professors ranges from the astronomer Friedrich Wilhelm Argelander (1799-1875), through the chemist August Kekulé von Stradonitz (1829–1896) and political economist Josef Schumpeter (1883–1950) to the philologist Ernst Robert Curtius (1886–1956) and the theologists Karl Barth (1886–1968) and Joseph Ratzinger (born 1927), now Pope Benedict XVI. Bonn's best-known students include Heinrich Heine, Karl Marx, Friedrich Nietzsche, and Konrad Adenauer. The university is proud of a long list of award-winning scientists and scholars, with about twenty Leibniz Prize winners and around thirty ERC grantees. In the last three decades two professors have received the Nobel Prize: Wolfgang Paul (for Physics, 1989) and Reinhard Selten (for Economics, 1994). (Source: University of Bonn)
Show more

Original publication

Rethinking SSL Development in an Appified World

Fahl Sascha, Harbach Marian, Smith Matthew, Perl Henning and Koetter Markus
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Published in 2013

Why Eve and Mallory Love Android: An Analysis of Android SSL (in) Security

Fahl Sascha, Harbach Marian, Muders Thomas, Baumgärtner Lars, Freisleben Bernd and Smith Matthew
Proceedings of the 2012 ACM conference on Computer and communications security
Published in 2012

Reading recommendations

Users Are Not the Enemy

Adams Anne and Sasse Martina Angela
Communications of the ACM
Published in 1999

User-Centered Security: Stepping Up to the Grand Challenge

Zurko Mary Ellen
Computer Security Applications Conference, 21st Annual
Published in 2005

Usable Security: History, Themes and Challenges

Garfinkel Simson and Lipford Heather Richter
Published in 2014

Beyond