Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Guard your Android

Harsh Dattani
November 01, 2015
Programming
0
89

Guard your Android

A basic session for Android users Presented at GDG Baroda's DevFest 2015 on 1st Nov, 2015.
Androids have penetrated our life so deeply, we are now using Android for everything, let it be booking a movie, browsing a website, purchasing groceries, ordering food, and what not! In such a scenario, it is important for you to know, how you can stay safe while doing all these activities. Find out how you can make your Android device more secure, and more reliable.

Harsh Dattani

November 01, 2015
Tweet

More Decks by Harsh Dattani

See All by Harsh Dattani
Whats new in Android N
harshdattani
0
40
Developing Secure Android Application
harshdattani
2
330
Introduction to Material Design
harshdattani
3
140

Other Decks in Programming

See All in Programming
使ってみよう Azure AI Document Intelligence
kosmosebi
2
310
MetricKitで予期せぬ終了を検知する話 / Detect unexpected termination with MetricKit
nekowen
1
190
Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets
hollycummins
0
230
R言語の環境構築と基礎 Tokyo.R 112
bob3bob3
0
270
GitHub Copilotのススメ
marcy731
1
200
⼤規模⾔語モデルの拡張(RAG)が 終わったかも知れない件について
nearme_tech
23
15k
2 週間で Twitter Bot を作ってみた
contour_gara
0
380
Goのエラースタックトレースの歴史と今後
sonatard
8
1.4k
Prepare for Jakarta EE 11 - Performance and Developer Productivity
ivargrimstad
0
780
VSCodeでのDatabricks開発もお勧めしたい/I would also recommend Databricks development with VSCode.
kazumain
0
250
Java 22 Overview
kishida
1
180
単体テストを書かない技術 #phpcon_odawara
o0h
PRO
27
8.3k

Featured

See All Featured
Happy Clients
brianwarren
92
6.4k
Designing for Performance
lara
601
67k
Building an army of robots
kneath
300
41k
Code Reviewing Like a Champion
maltzj
514
39k
Bash Introduction
62gerente
604
210k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
21
1.6k
Automating Front-end Workflow
addyosmani
1356
200k
Git: the NoSQL Database
bkeepers
PRO
422
63k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
25
2.3k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.9k
How STYLIGHT went responsive
nonsquared
92
4.8k
Visualization
eitanlees
136
14k

Transcript

  1. Stay Hungry, Stay Foolish! Stay Alert, Stay Safe! Om Shanti

  2. Aboutme.apk A Student and a Learner! Always! :P Harsh Dattani

    GDG Baroda

  3. We all know! • Fastest Growing Mobile Operating System •

    1.5 billion downloads a month and growing • Millions of Devices running this Operating System • Easy (Are you sure?) to Develop Applications • Open Source!

  4. What we Don’t know! • It’s easy to create malware

    and target Android. • Even “seem like trusty” app can be malicious. • It’s not that our data, but friend’s data is also important!

  5. Important Security Terms! • Assets • Vulnerabilities • Attack Vectors

    • Threats • Proactive Measures • Counter Measures • Patches • Malware

  6. Some Famous Android Malware • Fake Opera Browser • Fake

    Angry Bird Space • Droid Dream Malware • Blackmart • Cracked Apks • Battery Savers • And More...!

  7. Unix Security Policy 1. Process Isolation 2. Hardware Isolation 3.

    User Permission Model 4. R/W/X Permissions to file 5. Secure IPC

  8. Application Installation

  9. Android Security Policy 1. Application Isolation 2. Sandbox of Application

    3. Secure Communication 4. Signing the Application 5. Permission model of Application

  10. Virtualization

  11. Application Isolation • Each application has own GID/UID. • System

    apps also have own GID/UID. • Based on UNIX Security Model.

  12. Permission Policy (Default) • No app can Write other app

    data. • But can Read data, with due permission • Connect to network • Cannot Use Peripherals • Cannot Use System APIs to Read/Send SMS, Call.. • Cannot Load App on System Start

  13. Darwin’s Theory!

  14. Dalvik → ART

  15. 1.0 → 6.0

  16. Less Secure → More Less Secure

  17. Some Steps! 1. Select popular application. 2. Reverse Engineer it.

    a. Dex2jar b. Apktool c. Smali/Baksmali and many more.. 3. Inject malicious code. 4. Distribute the app. (With new Certi)

  18. Root?

  19. But it’s not Free!

  20. Dangers of Root! • Isolation is gone! • We have

    unknown code (Custom ROM) • Permission Exploits • Privacy! (Major)

  21. Exploitation Frameworks • AFE • Santoku • MSFvemon • Androguard

    • APKTool • Dex2Jar

  22. Security Checklist?

  23. JQuery?