Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Nazneen Rupawalla
April 19, 2016
Programming
63
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Who Do You Think Owns Your Android Application
Presented at Droidcon Torino on 8th April 2016
Nazneen Rupawalla
April 19, 2016
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
nazneen
0
390
Other Decks in Programming
See All in Programming
Semantic Version 単位で戦略を柔軟に変えて、パッケージアップデートを自動化する
daitasu
1
350
Claude Opus 4.6以後の受託開発エンジニアの変化(Claude Code開発ノウハウ大公開スペシャルbyクラスメソッド)
iidatakuma
1
580
分散システム、なんですぐ死んでしまうん?耐障害性を高めたいあなたのためのレジリエンスパターン入門
mshibuya
7
5.7k
「正の参照」と 「負の導出」で組む ハーネスエンジニアリング
cottpan
1
140
【やさしく解説 設計編・中級 #6】良いアーキテクチャとは ~ 一本の登り道の、行き先 ~
panda728
PRO
0
140
LaravelLive Japan の裏方のすべて — 第188回 PHP勉強会@東京 (2026-06-24)
suguruooki
2
150
関数型プログラミングのメリットって何だろう?
wanko_it
0
160
初めてのKubernetes 本番運用でハマった話
oku053
0
120
Observability in Practice:Grafana 與 Edge Device SRE 的那些事
blueswen
0
190
共通化で考えるべきは、実装より公開する型だった
codeegg
0
210
壊れたパーサから始める関数型設計と構成的なパーサ #fp_matsuri
raiga0310
2
200
これからAgentCoreを触る方へトレンドはGatewayです
har1101
6
480
Featured
See All Featured
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
970
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
28
3.6k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
230
23k
Darren the Foodie - Storyboard
khoart
PRO
3
3.4k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
23k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
We Have a Design System, Now What?
morganepeng
55
8.2k
Getting science done with accelerated Python computing platforms
jacobtomlinson
2
260
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
420
Into the Great Unknown - MozCon
thekraken
41
2.6k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
4.4k
Paper Plane
katiecoart
PRO
2
52k
Transcript
Who Do You Think Owns Your Android Application?
2 Insecure apps can grant unwanted access to data
Android App
SERVICES 4 DEMO
SERVICES 5
SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =
false Enforce a permission Helps solve the Confused Deputy Problem
7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi
Manager Our app Malicious App CONFUSED DEPUTY PROBLEM
8 WiFi Access? Access Granted WiFi Manager Our app Malicious
App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted
BROADCAST RECEIVER 9 DEMO
BROADCAST RECEIVER 10
BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission
BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage
BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager
PERMISSIONS 14 Bad Reviews Extra permissions can cause a security
vulnerability
CAMERA PERMISSION 15
SEND_SMS PERMISSION 16
17 SSL Pinning
WEBVIEW 18
WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19
WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20
21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be
accessed using URL “file:///android_asset…….”
22 Logging
23 Hacker App to test these vulnerabilities
24 Proguard obfuscation
25 DexGuard
26 Android Lint
27 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-
part-two
THANK YOU