Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application
Search
Nazneen Rupawalla
April 19, 2016
Programming
0
54
Who Do You Think Owns Your Android Application
Presented at Droidcon Torino on 8th April 2016
Nazneen Rupawalla
April 19, 2016
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
nazneen
0
360
Other Decks in Programming
See All in Programming
DataformでPythonする / dataform-de-python
snhryt
0
150
あのころの iPod を どうにか再生させたい
orumin
2
190
ソフトウェア設計とAI技術の活用
masuda220
PRO
26
7.3k
Dart 参戦!!静的型付き言語界の隠れた実力者
kno3a87
0
170
中級グラフィックス入門~効率的なメッシュレット描画~
projectasura
4
2.4k
Infer入門
riru
2
180
CEDEC 2025 『ゲームにおけるリアルタイム通信への QUIC導入事例の紹介』
segadevtech
2
750
新世界の理解
koriym
0
130
Gemini CLIの"強み"を知る! Gemini CLIとClaude Codeを比較してみた!
kotahisafuru
3
920
WebAssemblyインタプリタを書く ~Component Modelを添えて~
ruccho
1
240
なぜ今、Terraformの本を書いたのか? - 著者陣に聞く!『Terraformではじめる実践IaC』登壇資料
fufuhu
4
410
Strands Agents で実現する名刺解析アーキテクチャ
omiya0555
1
110
Featured
See All Featured
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.3k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
47
9.6k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
RailsConf 2023
tenderlove
30
1.2k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
50k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
Mobile First: as difficult as doing things right
swwweet
223
9.9k
Balancing Empowerment & Direction
lara
1
530
Transcript
Who Do You Think Owns Your Android Application?
2 Insecure apps can grant unwanted access to data
Android App
SERVICES 4 DEMO
SERVICES 5
SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =
false Enforce a permission Helps solve the Confused Deputy Problem
7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi
Manager Our app Malicious App CONFUSED DEPUTY PROBLEM
8 WiFi Access? Access Granted WiFi Manager Our app Malicious
App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted
BROADCAST RECEIVER 9 DEMO
BROADCAST RECEIVER 10
BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission
BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage
BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager
PERMISSIONS 14 Bad Reviews Extra permissions can cause a security
vulnerability
CAMERA PERMISSION 15
SEND_SMS PERMISSION 16
17 SSL Pinning
WEBVIEW 18
WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19
WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20
21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be
accessed using URL “file:///android_asset…….”
22 Logging
23 Hacker App to test these vulnerabilities
24 Proguard obfuscation
25 DexGuard
26 Android Lint
27 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-
part-two
THANK YOU
nazneen
snhryt
orumin
masuda220
kno3a87
projectasura
riru
segadevtech
koriym
kotahisafuru
ruccho
fufuhu
omiya0555
samlambert
samanthasiow
afnizarnur
garrettdimon
mongodb
smashingmag
tenderlove
chrisshort
dougneiner
bluesmoon
swwweet
lara
