Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Guard your Android

Guard your Android

A basic session for Android users Presented at GDG Baroda's DevFest 2015 on 1st Nov, 2015.
Androids have penetrated our life so deeply, we are now using Android for everything, let it be booking a movie, browsing a website, purchasing groceries, ordering food, and what not! In such a scenario, it is important for you to know, how you can stay safe while doing all these activities. Find out how you can make your Android device more secure, and more reliable.

Harsh Dattani

November 01, 2015

More Decks by Harsh Dattani

Other Decks in Programming


  1. We all know! • Fastest Growing Mobile Operating System •

    1.5 billion downloads a month and growing • Millions of Devices running this Operating System • Easy (Are you sure?) to Develop Applications • Open Source!
  2. What we Don’t know! • It’s easy to create malware

    and target Android. • Even “seem like trusty” app can be malicious. • It’s not that our data, but friend’s data is also important!
  3. Important Security Terms! • Assets • Vulnerabilities • Attack Vectors

    • Threats • Proactive Measures • Counter Measures • Patches • Malware
  4. Some Famous Android Malware • Fake Opera Browser • Fake

    Angry Bird Space • Droid Dream Malware • Blackmart • Cracked Apks • Battery Savers • And More...!
  5. Unix Security Policy 1. Process Isolation 2. Hardware Isolation 3.

    User Permission Model 4. R/W/X Permissions to file 5. Secure IPC
  6. Android Security Policy 1. Application Isolation 2. Sandbox of Application

    3. Secure Communication 4. Signing the Application 5. Permission model of Application
  7. Application Isolation • Each application has own GID/UID. • System

    apps also have own GID/UID. • Based on UNIX Security Model.
  8. Permission Policy (Default) • No app can Write other app

    data. • But can Read data, with due permission • Connect to network • Cannot Use Peripherals • Cannot Use System APIs to Read/Send SMS, Call.. • Cannot Load App on System Start
  9. Some Steps! 1. Select popular application. 2. Reverse Engineer it.

    a. Dex2jar b. Apktool c. Smali/Baksmali and many more.. 3. Inject malicious code. 4. Distribute the app. (With new Certi)
  10. Dangers of Root! • Isolation is gone! • We have

    unknown code (Custom ROM) • Permission Exploits • Privacy! (Major)