Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application?
Search
Nazneen Rupawalla
October 31, 2015
Programming
0
360
Who Do You Think Owns Your Android Application?
Session on securing your Android apps at VodQA Chennai
Nazneen Rupawalla
October 31, 2015
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application
nazneen
0
54
Other Decks in Programming
See All in Programming
ZeroETLで始めるDynamoDBとS3の連携
afooooil
0
150
「次に何を学べばいいか分からない」あなたへ──若手エンジニアのための学習地図
panda_program
3
710
DataformでPythonする / dataform-de-python
snhryt
0
150
バイブコーディングの正体——AIエージェントはソフトウェア開発を変えるか?
stakaya
5
740
変化を楽しむエンジニアリング ~ いままでとこれから ~
murajun1978
0
670
実践!App Intents対応
yuukiw00w
0
130
バイブスあるコーディングで ~PHP~ 便利ツールをつくるプラクティス
uzulla
1
320
リッチエディターを安全に開発・運用するために
unachang113
1
350
新しいモバイルアプリ勉強会(仮)について
uetyo
1
250
QA x AIエコシステム段階構築作戦
osu
0
240
Gemini CLIの"強み"を知る! Gemini CLIとClaude Codeを比較してみた!
kotahisafuru
3
920
React 使いじゃなくても知っておきたい教養としての React
oukayuka
18
5.3k
Featured
See All Featured
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
750
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.3k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.4k
Building an army of robots
kneath
306
45k
Optimizing for Happiness
mojombo
379
70k
GraphQLとの向き合い方2022年版
quramy
49
14k
Rails Girls Zürich Keynote
gr2m
95
14k
Git: the NoSQL Database
bkeepers
PRO
431
65k
YesSQL, Process and Tooling at Scale
rocio
173
14k
The Art of Programming - Codeland 2020
erikaheidi
54
13k
Producing Creativity
orderedlist
PRO
346
40k
Transcript
Who Do You Think Owns Your Android Application? Nazneen Rupawalla
Vo d Q A
2 Insecure apps can grant unwanted access to data.
COMMON MAL W ARE Backdoor apps Downloaders Mobile spies Click
Fraud enablers Rooting enablers Data stealers 3
Permissions 4 Service Database Activity APPLICATION COMPONENTS
5 Service Database Activity Settings File Activity Content Provider Cloud
INTENT FILTER • Action • Components can subscribe to the
action 6
INTENT FILTER • Explicitly mark components as exported or not.
• Grant appropriate permissions in the manifest file. • Will help solve the Confused Deputy Problem. 7
8 WiFi Manager Innocent App Malicious App WiFi Access? Access
Granted WiFi Access? Access Confused Deputy Problem
WiFi Manager Innocent App Malicious App WiFi Access? Access Granted
WiFi Access? Access Granted 9
BROADCAST RECEIVER 10 Downloading in progress WiFi is cut off
Downloading stops. App registers for network broadcast WiFi is connected again Broadcast is sent by OS Broadcast is received by app. Downloading resumed.
BROADCAST RECEIVER EXAMPLE 11 • Enforce a permission • Use
Intent.setPackage • Use LocalBroadcastManager
PERMISSIONS 12 • Bad Reviews • Extra Permissions can cause
a security vulnerability
• SMS • Camera EXTRA PERMISSIONS EXAMPLES 13
14 Hacker App to test these vulnerabilities
15 Logging
16 Proguard obfuscation
17 Android Lint
18 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/who-do-you-think-owns- your-android-app
THANK YOU Presented By – Nazneen Rupawalla (@Nzneen)