While the computing landscape is currently moving towards mobile computing, the security threats to mobile devices are also growing explosively. Mobile applications are becoming a major security target nowadays. Most of the malicious mobile attacks take advantage of vulnerabilities in mobile applications, such as sensitive data leakage via an inadvertent or side channel, unsecured sensitive data storage, data transmission, and many others. Most vulnerabilities should be addressed in the mobile software development phase; however, most development teams often have little to no time for security remediation, as they are usually tasked for the project deadlines. Even worse, many development professionals lack awareness of the importance of security vulnerability and the necessary security knowledge and skills at the development stage. Security vulnerabilities open the doors to security threats and attacks that may be prevented at an early stage. The combination of the mobile devices' prevalence and mobile threats' rapid growth has resulted in a shortage of mobile-security personnel. Education for secure mobile application development is in big demand in IT fields. With more schools developing teaching materials on mobile application development, more educational activities are needed to promote mobile security education and to meet the emerging industry and education needs. However, mobile security is a relatively weak area and is not well represented in most schools' computing curriculum. Secure mobile software development is an important and integral part of mobile application development instead of an add-on component. Moreover, Securing Mobile application has many special issues in addition to securing traditional software development such as security protection of SMS, GPS, sensors, cameras.

The overall goal of this project is to address the needs and challenges of building capacity and the lack of pedagogical materials and a real-world learning environment in secure mobile software development through effective, engaging, and investigative approaches.

We propose to build the capacity on secure mobile software development through three venues: (1) curriculum development and enhancement with a collection of eight transferrable learning modules with companions hands-on labs on mobile coding (Data sanitization for input validation, Data sanitization output encoding, Secure sensitive data storage, Secure exception handling for recovery, Secure inter-activity communication, Secure external communication, Secure SQLite content provider, Secure programming for mobile sensors ), which can be integrated into existing undergraduate and graduate computing classes that will be mapped to ISA KAs proposed in CS curricula 2013 to enhance the student’s secure mobile software development ability; (2) an open-source Mobile Secure Software Development API plugin for the most popular Android Studio IDE which will check your mobile project to discover any untrusted input and output that need validation and encoding.