Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application?
Search
Nazneen Rupawalla
October 31, 2015
Programming
390
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Who Do You Think Owns Your Android Application?
Session on securing your Android apps at VodQA Chennai
Nazneen Rupawalla
October 31, 2015
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application
nazneen
0
63
Other Decks in Programming
See All in Programming
フィードバックで育てるAI開発
kotaminato
1
110
PHPだって関数型したい 〜できること、できないこと〜 / fp-in-php
jsoizo
0
190
Go1.27で導入されるジェネリクスメソッドでできること
mackee
0
280
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
manfredsteyer
PRO
0
230
【やさしく解説 設計編 #1】「ドメイン駆動」と「実装駆動」ってなに? 〜設計の考え方を、たとえ話で学ぼう〜
panda728
PRO
1
110
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.8k
Webフレームワークの ベンチマークについて
yusukebe
0
200
分散システム、なんですぐ死んでしまうん?耐障害性を高めたいあなたのためのレジリエンスパターン入門
mshibuya
7
5.7k
Generative UI & AI-Assistants for Your Angular Solutions
manfredsteyer
PRO
0
100
AIエージェントで 変わるAndroid開発環境
takahirom
2
510
act2-costs.pdf
sumedhbala
0
110
トークンをケチるな、設計しろ:GitHub Copilotを賢く使うコンテキスト戦略
ochtum
0
310
Featured
See All Featured
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.5k
SEO for Brand Visibility & Recognition
aleyda
0
4.6k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
21
1.5k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.6k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
190
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.4k
Abbi's Birthday
coloredviolet
3
8.6k
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
65
56k
Navigating Algorithm Shifts & AI Overviews - #SMXNext
aleyda
1
1.4k
Groundhog Day: Seeking Process in Gaming for Health
codingconduct
0
240
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
190
AI in Enterprises - Java and Open Source to the Rescue
ivargrimstad
0
1.4k
Transcript
Who Do You Think Owns Your Android Application? Nazneen Rupawalla
Vo d Q A
2 Insecure apps can grant unwanted access to data.
COMMON MAL W ARE Backdoor apps Downloaders Mobile spies Click
Fraud enablers Rooting enablers Data stealers 3
Permissions 4 Service Database Activity APPLICATION COMPONENTS
5 Service Database Activity Settings File Activity Content Provider Cloud
INTENT FILTER • Action • Components can subscribe to the
action 6
INTENT FILTER • Explicitly mark components as exported or not.
• Grant appropriate permissions in the manifest file. • Will help solve the Confused Deputy Problem. 7
8 WiFi Manager Innocent App Malicious App WiFi Access? Access
Granted WiFi Access? Access Confused Deputy Problem
WiFi Manager Innocent App Malicious App WiFi Access? Access Granted
WiFi Access? Access Granted 9
BROADCAST RECEIVER 10 Downloading in progress WiFi is cut off
Downloading stops. App registers for network broadcast WiFi is connected again Broadcast is sent by OS Broadcast is received by app. Downloading resumed.
BROADCAST RECEIVER EXAMPLE 11 • Enforce a permission • Use
Intent.setPackage • Use LocalBroadcastManager
PERMISSIONS 12 • Bad Reviews • Extra Permissions can cause
a security vulnerability
• SMS • Camera EXTRA PERMISSIONS EXAMPLES 13
14 Hacker App to test these vulnerabilities
15 Logging
16 Proguard obfuscation
17 Android Lint
18 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/who-do-you-think-owns- your-android-app
THANK YOU Presented By – Nazneen Rupawalla (@Nzneen)