Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Who Do You Think Owns Your Android Application

Avatar for Nazneen Rupawalla Nazneen Rupawalla
April 19, 2016
Programming
59
0

Who Do You Think Owns Your Android Application

Presented at Droidcon Torino on 8th April 2016

Avatar for Nazneen Rupawalla

Nazneen Rupawalla

April 19, 2016

More Decks by Nazneen Rupawalla

See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
Avatar for Nazneen Rupawalla nazneen
0
380

Other Decks in Programming

See All in Programming
ネイティブアプリとWebフロントエンドのAPI通信ラッパーにおける共通化の勘所
Avatar for Suguru Ohki suguruooki
0
230
[PHPerKaigi 2026]PHPerKaigi2025の企画CodeGolfが最高すぎて社内で内製して半年運営して得た内製と運営の知見
Avatar for Z.O.E. ikezoemakoto
0
310
「速くなった気がする」をデータで疑う
Avatar for Leaf senleaf24
0
110
PHPのバージョンアップ時にも役立ったAST(2026年版)
Avatar for Atsushi Matsuo matsuo_atsushi
0
270
Linux Kernelの1文字のミスで 権限昇格ができた話
Avatar for rona rqda
0
2.2k
ポーリング処理廃止によるイベント駆動アーキテクチャへの移行
Avatar for Seitaro Fujigaki seitarof
3
1.3k
我々はなぜ「層」を分けるのか〜「関心の分離」と「抽象化」で手に入れる変更に強いシンプルな設計〜 #phperkaigi / PHPerKaigi 2026
Avatar for shogogg shogogg
2
720
今こそ押さえておきたい アマゾンウェブサービス(AWS)の データベースの基礎 おもクラ #6版
Avatar for Satoshi Kaneyasu satoshi256kbyte
1
210
Nuxt Server Components
Avatar for wattanx wattanx
0
220
Rethinking API Platform Filters
Avatar for Vincent Amstoutz vinceamstoutz
0
4.2k
Reactive ❤️ Loom: A Forbidden Love Story
Avatar for Francesco Nigro franz1981
2
210
おれのAgentic Coding 2026/03
Avatar for TsukasaSekiguchi tsukasagr
1
120

Featured

See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
A Guide to Academic Writing Using Generative AI - A Workshop
Avatar for Kenji Saito ks91
PRO
0
250
Stewardship and Sustainability of Urban and Community Forests
Avatar for Eric Wiseman pwiseman
0
170
We Analyzed 250 Million AI Search Results: Here's What I Found
Avatar for Josh Blyskal joshbly
1
1.1k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
1
79
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
The Mindset for Success: Future Career Progression
Avatar for Greg Gifford greggifford
PRO
0
290
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
300
The Curious Case for Waylosing
Avatar for Cassini Nazir cassininazir
0
280
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
234
17k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.6k
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
Avatar for Liv Day livdayseo
0
91

Transcript

  1. Who Do You Think Owns Your Android Application?

  2. 2 Insecure apps can grant unwanted access to data

  3. Android App

  4. SERVICES 4 DEMO

  5. SERVICES 5

  6. SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =

    false Enforce a permission Helps solve the Confused Deputy Problem

  7. 7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi

    Manager Our app Malicious App CONFUSED DEPUTY PROBLEM

  8. 8 WiFi Access? Access Granted WiFi Manager Our app Malicious

    App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted

  9. BROADCAST RECEIVER 9 DEMO

  10. BROADCAST RECEIVER 10

  11. BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission

  12. BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage

  13. BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager

  14. PERMISSIONS 14 Bad Reviews Extra permissions can cause a security

    vulnerability

  15. CAMERA PERMISSION 15

  16. SEND_SMS PERMISSION 16

  17. 17 SSL Pinning

  18. WEBVIEW 18

  19. WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19

  20. WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20

  21. 21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be

    accessed using URL “file:///android_asset…….”

  22. 22 Logging

  23. 23 Hacker App to test these vulnerabilities

  24. 24 Proguard obfuscation

  25. 25 DexGuard

  26. 26 Android Lint

  27. 27 Zero permissions apps are secure apps?

  28. LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-

    part-two

  29. THANK YOU