Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application?
Search
Nazneen Rupawalla
October 31, 2015
Programming
0
370
Who Do You Think Owns Your Android Application?
Session on securing your Android apps at VodQA Chennai
Nazneen Rupawalla
October 31, 2015
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application
nazneen
0
55
Other Decks in Programming
See All in Programming
Platformに“ちょうどいい”責務ってどこ? 関心の熱さにあわせて考える、責務分担のプラクティス
estie
1
240
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
430
Navigation 2 を 3 に移行する(予定)ためにやったこと
yokomii
0
360
Swift Updates - Learn Languages 2025
koher
2
520
How Android Uses Data Structures Behind The Scenes
l2hyunwoo
0
490
Improving my own Ruby thereafter
sisshiki1969
1
160
ファインディ株式会社におけるMCP活用とサービス開発
starfish719
0
2.1k
速いWebフレームワークを作る
yusukebe
5
1.7k
Azure SRE Agentで運用は楽になるのか?
kkamegawa
0
2.6k
Android 16 × Jetpack Composeで縦書きテキストエディタを作ろう / Vertical Text Editor with Compose on Android 16
cc4966
2
280
OSS開発者という働き方
andpad
5
1.7k
デザイナーが Androidエンジニアに 挑戦してみた
874wokiite
0
580
Featured
See All Featured
Gamification - CAS2011
davidbonilla
81
5.4k
Thoughts on Productivity
jonyablonski
70
4.8k
The Art of Programming - Codeland 2020
erikaheidi
56
13k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Building Adaptive Systems
keathley
43
2.7k
Site-Speed That Sticks
csswizardry
10
830
Designing Experiences People Love
moore
142
24k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.4k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
Transcript
Who Do You Think Owns Your Android Application? Nazneen Rupawalla
Vo d Q A
2 Insecure apps can grant unwanted access to data.
COMMON MAL W ARE Backdoor apps Downloaders Mobile spies Click
Fraud enablers Rooting enablers Data stealers 3
Permissions 4 Service Database Activity APPLICATION COMPONENTS
5 Service Database Activity Settings File Activity Content Provider Cloud
INTENT FILTER • Action • Components can subscribe to the
action 6
INTENT FILTER • Explicitly mark components as exported or not.
• Grant appropriate permissions in the manifest file. • Will help solve the Confused Deputy Problem. 7
8 WiFi Manager Innocent App Malicious App WiFi Access? Access
Granted WiFi Access? Access Confused Deputy Problem
WiFi Manager Innocent App Malicious App WiFi Access? Access Granted
WiFi Access? Access Granted 9
BROADCAST RECEIVER 10 Downloading in progress WiFi is cut off
Downloading stops. App registers for network broadcast WiFi is connected again Broadcast is sent by OS Broadcast is received by app. Downloading resumed.
BROADCAST RECEIVER EXAMPLE 11 • Enforce a permission • Use
Intent.setPackage • Use LocalBroadcastManager
PERMISSIONS 12 • Bad Reviews • Extra Permissions can cause
a security vulnerability
• SMS • Camera EXTRA PERMISSIONS EXAMPLES 13
14 Hacker App to test these vulnerabilities
15 Logging
16 Proguard obfuscation
17 Android Lint
18 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/who-do-you-think-owns- your-android-app
THANK YOU Presented By – Nazneen Rupawalla (@Nzneen)
nazneen
estie
ivargrimstad
yokomii
koher
l2hyunwoo
sisshiki1969
starfish719
yusukebe
kkamegawa
cc4966
andpad
874wokiite
davidbonilla
jonyablonski
erikaheidi
eileencodes
marcelosomers
yeseniaperezcruz
keathley
csswizardry
moore
honnibal
malarkey
hatefulcrawdad
