Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application?
Search
Nazneen Rupawalla
October 31, 2015
Programming
0
370
Who Do You Think Owns Your Android Application?
Session on securing your Android apps at VodQA Chennai
Nazneen Rupawalla
October 31, 2015
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application
nazneen
0
55
Other Decks in Programming
See All in Programming
Nuances on Kubernetes - RubyConf Taiwan 2025
envek
0
190
Portapad紹介プレゼンテーション
gotoumakakeru
1
130
サーバーサイドのビルド時間87倍高速化
plaidtech
PRO
0
470
パスタの技術
yusukebe
1
400
Jakarta EE Core Profile and Helidon - Speed, Simplicity, and AI Integration
ivargrimstad
0
190
TanStack DB ~状態管理の新しい考え方~
bmthd
2
320
新世界の理解
koriym
0
140
kiroでゲームを作ってみた
iriikeita
0
180
画像コンペでのベースラインモデルの育て方
tattaka
3
1.8k
GUI操作LLMの最新動向: UI-TARSと関連論文紹介
kfujikawa
0
1k
The State of Fluid (2025)
s2b
0
200
State of CSS 2025
benjaminkott
1
120
Featured
See All Featured
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
780
Making Projects Easy
brettharned
117
6.3k
A better future with KSS
kneath
239
17k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.4k
Statistics for Hackers
jakevdp
799
220k
Optimizing for Happiness
mojombo
379
70k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Unsuck your backbone
ammeep
671
58k
Fireside Chat
paigeccino
39
3.6k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
49
3k
Six Lessons from altMBA
skipperchong
28
4k
Transcript
Who Do You Think Owns Your Android Application? Nazneen Rupawalla
Vo d Q A
2 Insecure apps can grant unwanted access to data.
COMMON MAL W ARE Backdoor apps Downloaders Mobile spies Click
Fraud enablers Rooting enablers Data stealers 3
Permissions 4 Service Database Activity APPLICATION COMPONENTS
5 Service Database Activity Settings File Activity Content Provider Cloud
INTENT FILTER • Action • Components can subscribe to the
action 6
INTENT FILTER • Explicitly mark components as exported or not.
• Grant appropriate permissions in the manifest file. • Will help solve the Confused Deputy Problem. 7
8 WiFi Manager Innocent App Malicious App WiFi Access? Access
Granted WiFi Access? Access Confused Deputy Problem
WiFi Manager Innocent App Malicious App WiFi Access? Access Granted
WiFi Access? Access Granted 9
BROADCAST RECEIVER 10 Downloading in progress WiFi is cut off
Downloading stops. App registers for network broadcast WiFi is connected again Broadcast is sent by OS Broadcast is received by app. Downloading resumed.
BROADCAST RECEIVER EXAMPLE 11 • Enforce a permission • Use
Intent.setPackage • Use LocalBroadcastManager
PERMISSIONS 12 • Bad Reviews • Extra Permissions can cause
a security vulnerability
• SMS • Camera EXTRA PERMISSIONS EXAMPLES 13
14 Hacker App to test these vulnerabilities
15 Logging
16 Proguard obfuscation
17 Android Lint
18 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/who-do-you-think-owns- your-android-app
THANK YOU Presented By – Nazneen Rupawalla (@Nzneen)