Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application
Search
Nazneen Rupawalla
April 19, 2016
Programming
0
56
Who Do You Think Owns Your Android Application
Presented at Droidcon Torino on 8th April 2016
Nazneen Rupawalla
April 19, 2016
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
nazneen
0
370
Other Decks in Programming
See All in Programming
AI駆動開発ライフサイクル(AI-DLC)のホワイトペーパーを解説
swxhariu5
0
670
Stay Hacker 〜九州で生まれ、Perlに出会い、コミュニティで育つ〜
pyama86
1
780
Honoを技術選定したAI要件定義プラットフォームAcsimでの意思決定
codenote
0
160
ビルドプロセスをデバッグしよう!
yt8492
0
300
Verilator + Rust + gRPC と Efinix の RISC-V でAIアクセラレータをAIで作ってる話 RTLを語る会(18) 2025/11/08
ryuz88
0
350
Nitro v3
kazupon
2
280
JEP 496 と JEP 497 から学ぶ耐量子計算機暗号入門 / Learning Post-Quantum Crypto Basics from JEP 496 & 497
mackey0225
2
220
組織もソフトウェアも難しく考えない、もっとシンプルな考え方で設計する #phpconfuk
o0h
PRO
10
4.1k
HTTPじゃ遅すぎる! SwitchBotを自作ハブで動かして学ぶBLE通信
occhi
0
240
Chart.jsで長い項目を表示するときのハマりどころ
yumechi
0
100
Eloquentを使ってどこまでコードの治安を保てるのか?を新人が考察してみた
itokoh0405
0
3.1k
GraalVM Native Image トラブルシューティング機能の最新状況(2025年版)
ntt_dsol_java
0
100
Featured
See All Featured
Making Projects Easy
brettharned
120
6.4k
Rebuilding a faster, lazier Slack
samanthasiow
84
9.3k
Why You Should Never Use an ORM
jnunemaker
PRO
60
9.6k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
670
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
A Tale of Four Properties
chriscoyier
162
23k
Building a Modern Day E-commerce SEO Strategy
aleyda
45
8k
Done Done
chrislema
186
16k
What's in a price? How to price your products and services
michaelherold
246
12k
[RailsConf 2023] Rails as a piece of cake
palkan
57
6.1k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
658
61k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
Transcript
Who Do You Think Owns Your Android Application?
2 Insecure apps can grant unwanted access to data
Android App
SERVICES 4 DEMO
SERVICES 5
SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =
false Enforce a permission Helps solve the Confused Deputy Problem
7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi
Manager Our app Malicious App CONFUSED DEPUTY PROBLEM
8 WiFi Access? Access Granted WiFi Manager Our app Malicious
App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted
BROADCAST RECEIVER 9 DEMO
BROADCAST RECEIVER 10
BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission
BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage
BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager
PERMISSIONS 14 Bad Reviews Extra permissions can cause a security
vulnerability
CAMERA PERMISSION 15
SEND_SMS PERMISSION 16
17 SSL Pinning
WEBVIEW 18
WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19
WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20
21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be
accessed using URL “file:///android_asset…….”
22 Logging
23 Hacker App to test these vulnerabilities
24 Proguard obfuscation
25 DexGuard
26 Android Lint
27 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-
part-two
THANK YOU
nazneen
swxhariu5
pyama86
codenote
yt8492
ryuz88
kazupon
mackey0225
o0h
occhi
yumechi
.jpg){kind=avatar}
itokoh0405
ntt_dsol_java
brettharned
samanthasiow
jnunemaker
bluesmoon
thoeni
chriscoyier
aleyda
chrislema
michaelherold
palkan
lemiorhan
afnizarnur
