Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Intro to Pre-Report "The Security"

Intro to Pre-Report "The Security"

In Google I/O 2016, new functionality "Pre-Report" was introduced in Google Play Developer Console. When alpha/beta apk is uploaded there, then various devices with different OS installs the apk and inspect the app by running it just like our users. Not only the result of manipulation including crash events will be reported on Pre-Report, but also vulnerability scan will be conducted. I was curious what type of scan will be done, and this presentation is the first report.

Kengo Suzuki

June 10, 2016
Tweet

More Decks by Kengo Suzuki

Other Decks in Technology

Transcript

  1. "CPVU.F w ໊લ w ླ໦ݚޗ w 5XJUUFS!LFOHPTDBM w (JUIVCLFOTDBM w

    ৬ྺ w ๭ηΩϡϦςΟاۀॴଐ ೥݄ʙ  w ๭'JOUFDIܥελʔτΞοϓॴଐʢ೥݄ʙʣ
  2. 5JQT w ηΩϡϦςΟςετ͸͕͔͔࣌ؒΔ NJO͘Β͍  w (PPHMF"VUI࿈ܞΛ͍ͯ͠Ε͹αΠϯΠϯ΋উखʹ w ഑෍஍Ҭ͕ࠃͰ΋ώϯσΟʔޠͱΞϥϏΞޠͷςε τΛ͢ΔX

    w աڈʹΞοϓϩʔυͨ͠ΞϧϑΝɾϕʔλ൛΋ର৅ʹ ͯ͘͠ΕΔͬΆ͍ w ͨͩ͠ΫϥογϡͱεΫϦʔϯγϣοτͷΈ
  3. ݁Ռ w 44-ݕূແࢹͷΈݕ஌ w "1*ʹΑͬͯ੬ऑੑϙΠϯτ͕ҟͳΔ৔߹͸ݕࠪ͞ Εͳ͍ʁ w "1*ະຬΛUBSHFUʹͯ͠ςετͯ͠ΈΔ  w

    ςʔϚͱ͔ͷमਖ਼͕ΊΜͲͯ͘΍Βͳ͔ͬͨ  w ๬·͘͠ͳͯ͘΋ɺۀ຿্ඞཁʹͳΓͦ͏ͳ࣮૷͸ ΞϥʔτΛ͋͛ͳ͍Α͏ʹͯ͠Δͷ͔΋
  4. $PODMVTJPO w ੩తղੳͰ͋Δ͜ͱ͕൑໌ w ԿΛݕ஌ͯ͘͠ΕΔͷ͔Θ͔Βͳ͍ w ๬·͘͠ͳͯ͘΋ɺۀ຿্ඞཁʹͳΓͦ͏ͳ࣮૷͸ΞϥʔτΛ ͋͛ͳ͍Α͏ʹͯ͠Δͷ͔΋ w ৭ʑɺະ஌਺

    w ͦ΋ͦ΋Զͷ࣮૷ɾςετख๏͋ͬͯΔ͔ʁ w ˣ΋ࢼͯ͠ΈΔ w ϥΠϒϥϦʹ͓͚Δ੬ऑੑ w ྫ0L)UUQະຬͷ)551ϔομΠϯδΣΫγϣϯ