Coconut is an Android Studio plugin that can help developers handle privacy. Specifically, it provides the following benefits for privacy by reminding and requiring developers to add privacy annotations:
- guide developers to think through privacy risks
- document privacy practices (especially hard-to-analyze factors such as purposes)
- suggest better privacy practices
- make privacy practices more transparent
The initial release of Coconut is described in the following paper:
“Coconut: An IDE Plugin for Developing Privacy-Friendly Apps”. Tianshi Li, Yuvraj Agarwal, Jason I. Hong. In Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, Volume 2 Issue 4, December 2018.
(UbiComp talk slides)
Pre-release alpha version download
You can directly install the plugin in Android Studio using the pre-built jar: 0.0.1. It has been tested and worked fine for the latest Android Studio version (3.5)
Please refer to the “Install plugin from disk” section in the official guide for installing the plugin in IntelliJ IDEA/Android Studio.
How to build the source code
- 1) Android Studio (for Android development and plugin testing, recommended version: Android Studio AI-182.5126.96.36.19914842, see Android Studio download archives)
- 2) IntelliJ IDEA (for plugin development)
- Install the “Groovy” plugin in IntelliJ IDEA or Android Studio
Steps to build and run the plugin
- open the privacyhelperplugin project with IntelliJ IDEA
- setup the IntelliJ Platform SDK. Go to File -> Project Structure -> SDKs, use the “+” button to add an IntelliJ Platform Plugin SDK and then select the right path in your Android Studio folder. See the screenshot below for details.
- You need to manually add the Groovy plugin jars (in Groovy/libs) to the classpath of the SDK. See the last four jars in the screenshot below as an example.
- Make sure you name the SDK: Android Studio AI-182.5188.8.131.5214842, otherwise you will need to modify
- Make sure you use the Jetbrains Java Runtime (JDK), which should be bundled with the Android Studio application (See this post for more information). You will need to create a new JDK with this path, then specify it for the “Internal Java Platform” in the SDK config (See the screenshot).
- setup run/debug configuration. Go to Run -> Edit Configurations. Add a new configuration under the Plugin category. Make sure you select the right JRE. See the screenshot below.
- select the configuration that you just created, and run/debug it (just as how you do that in Android Studio)
If done correctly, you should be able to see Coconut in your plugin list (Android Studio -> Preferences -> Plugins).
For a more comprehensive instruction, please refer to: https://www.jetbrains.org/intellij/sdk/docs/basics/getting_started/running_and_debugging_a_plugin.html
Test Coconut on an example Android app
- Download the CoconutTest project
- Open the project with an Android Studio that has Coconut installed. Coconut will automatically initiate privacy inspection at the project start time.
- If the project has incomplete annotations, the plugin will pop up a notification like this:
- Then you can use the PrivacyChecker tool window and quickfixes to add annotations to address these errors. You also need to import the annotation library jar to use these annotaions (available at this repo).
- Tianshi Li (Carnegie Mellon University)
- Mike Czapik (Carnegie Mellon University)
- Tiffany Yu (Carnegie Mellon University)
- Elijah Neundorfer (Columbus State University)