Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application
Search
Nazneen Rupawalla
April 19, 2016
Programming
0
56
Who Do You Think Owns Your Android Application
Presented at Droidcon Torino on 8th April 2016
Nazneen Rupawalla
April 19, 2016
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
nazneen
0
370
Other Decks in Programming
See All in Programming
まだ間に合う!Claude Code元年をふりかえる
nogu66
5
850
新卒エンジニアのプルリクエスト with AI駆動
fukunaga2025
0
230
ゲームの物理 剛体編
fadis
0
350
Rubyで鍛える仕組み化プロヂュース力
muryoimpl
0
140
組み合わせ爆発にのまれない - 責務分割 x テスト
halhorn
1
150
脳の「省エネモード」をデバッグする ~System 1(直感)と System 2(論理)の切り替え~
panda728
PRO
0
100
AIコードレビューがチームの"文脈"を 読めるようになるまで
marutaku
0
360
20251127_ぼっちのための懇親会対策会議
kokamoto01_metaps
2
440
これだけで丸わかり!LangChain v1.0 アップデートまとめ
os1ma
6
1.9k
UIデザインに役立つ 2025年の最新CSS / The Latest CSS for UI Design 2025
clockmaker
18
7.5k
20251212 AI 時代的 Legacy Code 營救術 2025 WebConf
mouson
0
190
モデル駆動設計をやってみよう ワークショップ開催報告(Modeling Forum2025) / model driven design workshop report
haru860
0
270
Featured
See All Featured
Visualization
eitanlees
150
16k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
54k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.2k
GraphQLとの向き合い方2022年版
quramy
50
14k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.3k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
231
22k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.6k
How to train your dragon (web standard)
notwaldorf
97
6.4k
Context Engineering - Making Every Token Count
addyosmani
9
530
Producing Creativity
orderedlist
PRO
348
40k
Done Done
chrislema
186
16k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
122
21k
Transcript
Who Do You Think Owns Your Android Application?
2 Insecure apps can grant unwanted access to data
Android App
SERVICES 4 DEMO
SERVICES 5
SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =
false Enforce a permission Helps solve the Confused Deputy Problem
7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi
Manager Our app Malicious App CONFUSED DEPUTY PROBLEM
8 WiFi Access? Access Granted WiFi Manager Our app Malicious
App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted
BROADCAST RECEIVER 9 DEMO
BROADCAST RECEIVER 10
BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission
BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage
BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager
PERMISSIONS 14 Bad Reviews Extra permissions can cause a security
vulnerability
CAMERA PERMISSION 15
SEND_SMS PERMISSION 16
17 SSL Pinning
WEBVIEW 18
WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19
WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20
21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be
accessed using URL “file:///android_asset…….”
22 Logging
23 Hacker App to test these vulnerabilities
24 Proguard obfuscation
25 DexGuard
26 Android Lint
27 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-
part-two
THANK YOU
nazneen
nogu66
fukunaga2025
fadis
muryoimpl
halhorn
panda728
marutaku
kokamoto01_metaps
os1ma
clockmaker
mouson
haru860
eitanlees
aki_iinuma
kevinliebholz
quramy
rmw
danielanewman
bcantrill
notwaldorf
addyosmani
orderedlist
chrislema
panda_program
