Lock in $30 Savings on PRO—Offer Ends Soon! ⏳
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application
Search
Nazneen Rupawalla
April 19, 2016
Programming
0
56
Who Do You Think Owns Your Android Application
Presented at Droidcon Torino on 8th April 2016
Nazneen Rupawalla
April 19, 2016
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
nazneen
0
370
Other Decks in Programming
See All in Programming
20 years of Symfony, what's next?
fabpot
2
340
Context is King? 〜Verifiability時代とコンテキスト設計 / Beyond "Context is King"
rkaga
6
990
スタートアップを支える技術戦略と組織づくり
pospome
8
16k
配送計画の均等化機能を提供する取り組みについて(⽩⾦鉱業 Meetup Vol.21@六本⽊(数理最適化編))
izu_nori
0
140
DSPy Meetup Tokyo #1 - はじめてのDSPy
masahiro_nishimi
1
160
AIコードレビューがチームの"文脈"を 読めるようになるまで
marutaku
0
350
tparseでgo testの出力を見やすくする
utgwkk
1
180
LLM Çağında Backend Olmak: 10 Milyon Prompt'u Milisaniyede Sorgulamak
selcukusta
0
110
connect-python: convenient protobuf RPC for Python
anuraaga
0
380
まだ間に合う!Claude Code元年をふりかえる
nogu66
2
240
【CA.ai #3】Google ADKを活用したAI Agent開発と運用知見
harappa80
0
290
AIコーディングエージェント(Gemini)
kondai24
0
200
Featured
See All Featured
Building an army of robots
kneath
306
46k
Reflections from 52 weeks, 52 projects
jeffersonlam
355
21k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.3k
Build The Right Thing And Hit Your Dates
maggiecrowley
38
3k
Embracing the Ebb and Flow
colly
88
4.9k
What's in a price? How to price your products and services
michaelherold
246
12k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.4k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
34
2.5k
Fireside Chat
paigeccino
41
3.7k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.1k
Transcript
Who Do You Think Owns Your Android Application?
2 Insecure apps can grant unwanted access to data
Android App
SERVICES 4 DEMO
SERVICES 5
SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =
false Enforce a permission Helps solve the Confused Deputy Problem
7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi
Manager Our app Malicious App CONFUSED DEPUTY PROBLEM
8 WiFi Access? Access Granted WiFi Manager Our app Malicious
App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted
BROADCAST RECEIVER 9 DEMO
BROADCAST RECEIVER 10
BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission
BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage
BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager
PERMISSIONS 14 Bad Reviews Extra permissions can cause a security
vulnerability
CAMERA PERMISSION 15
SEND_SMS PERMISSION 16
17 SSL Pinning
WEBVIEW 18
WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19
WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20
21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be
accessed using URL “file:///android_asset…….”
22 Logging
23 Hacker App to test these vulnerabilities
24 Proguard obfuscation
25 DexGuard
26 Android Lint
27 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-
part-two
THANK YOU
nazneen
fabpot
rkaga
pospome
izu_nori
masahiro_nishimi
marutaku
utgwkk
selcukusta
anuraaga
nogu66
harappa80
kondai24
kneath
jeffersonlam
tammyeverts
maggiecrowley
colly
michaelherold
zakiyama
malarkey
jcasabona
paigeccino
afnizarnur
