Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application?
Search
Nazneen Rupawalla
October 31, 2015
Programming
0
290
Who Do You Think Owns Your Android Application?
Session on securing your Android apps at VodQA Chennai
Nazneen Rupawalla
October 31, 2015
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application
nazneen
0
52
Other Decks in Programming
See All in Programming
TCAとKMPを用いた新規動画配信アプリ 「ABEMA Live」の設計
tomu28
1
100
⼤規模⾔語モデルの拡張(RAG)が 終わったかも知れない件について
nearme_tech
23
15k
コーンフレークから始める モデリング会話入門
ogurotakayuki
0
370
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
200
スクラムガイドのスプリントレトロスペクティブを改めて読みかえしてみた / Re-reading the Sprint Retrospective Section in the Scrum Guide
mackey0225
3
420
Snowflakeで眠ったデータを起こそう!
estie
0
120
0→1と1→10の狭間で Javaという技術選定を振り返る/Reflecting on the Decision to Choose Java Between Scaling from 0 to 1 and 1 to 10
jaguar_imo
2
380
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
670
Elm Form Validation
bkuhlmann
0
510
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
170
1BRC--Nerd Sniping the Java Community
gunnarmorling
0
340
dbtのドメイン分割による データ基盤の改善とDigdagとの連携
sakama
0
310
Featured
See All Featured
Producing Creativity
orderedlist
PRO
337
39k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
For a Future-Friendly Web
brad_frost
172
9k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
Fireside Chat
paigeccino
21
2.6k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
Build The Right Thing And Hit Your Dates
maggiecrowley
24
2k
What the flash - Photography Introduction
edds
64
11k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
241
1.2M
How to Ace a Technical Interview
jacobian
272
22k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Transcript
Who Do You Think Owns Your Android Application? Nazneen Rupawalla
Vo d Q A
2 Insecure apps can grant unwanted access to data.
COMMON MAL W ARE Backdoor apps Downloaders Mobile spies Click
Fraud enablers Rooting enablers Data stealers 3
Permissions 4 Service Database Activity APPLICATION COMPONENTS
5 Service Database Activity Settings File Activity Content Provider Cloud
INTENT FILTER • Action • Components can subscribe to the
action 6
INTENT FILTER • Explicitly mark components as exported or not.
• Grant appropriate permissions in the manifest file. • Will help solve the Confused Deputy Problem. 7
8 WiFi Manager Innocent App Malicious App WiFi Access? Access
Granted WiFi Access? Access Confused Deputy Problem
WiFi Manager Innocent App Malicious App WiFi Access? Access Granted
WiFi Access? Access Granted 9
BROADCAST RECEIVER 10 Downloading in progress WiFi is cut off
Downloading stops. App registers for network broadcast WiFi is connected again Broadcast is sent by OS Broadcast is received by app. Downloading resumed.
BROADCAST RECEIVER EXAMPLE 11 • Enforce a permission • Use
Intent.setPackage • Use LocalBroadcastManager
PERMISSIONS 12 • Bad Reviews • Extra Permissions can cause
a security vulnerability
• SMS • Camera EXTRA PERMISSIONS EXAMPLES 13
14 Hacker App to test these vulnerabilities
15 Logging
16 Proguard obfuscation
17 Android Lint
18 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/who-do-you-think-owns- your-android-app
THANK YOU Presented By – Nazneen Rupawalla (@Nzneen)