Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application
Search
Nazneen Rupawalla
April 19, 2016
Programming
0
54
Who Do You Think Owns Your Android Application
Presented at Droidcon Torino on 8th April 2016
Nazneen Rupawalla
April 19, 2016
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
nazneen
0
350
Other Decks in Programming
See All in Programming
定理証明プラットフォーム lapisla.net
abap34
1
600
ある日突然あなたが管理しているサーバーにDDoSが来たらどうなるでしょう?知ってるようで何も知らなかったDDoS攻撃と対策 #phpcon.2024
akase244
2
7.8k
最近のVS Codeで気になるニュース 2025/01
74th
1
220
EC2からECSへ 念願のコンテナ移行と巨大レガシーPHPアプリケーションの再構築
sumiyae
3
610
PHPUnitしか使ってこなかった 一般PHPerがPestに乗り換えた実録
mashirou1234
0
450
オニオンアーキテクチャを使って、 Unityと.NETでコードを共有する
soi013
0
380
ISUCON14感想戦で85万点まで頑張ってみた
ponyo877
1
770
Linux && Docker 研修/Linux && Docker training
forrep
16
3k
Fixstars高速化コンテスト2024準優勝解法
eijirou
0
190
ゼロからの、レトロゲームエンジンの作り方
tokujiros
3
1.1k
月刊 競技プログラミングをお仕事に役立てるには
terryu16
1
1.2k
CNCF Project の作者が考えている OSS の運営
utam0k
5
550
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.5k
A better future with KSS
kneath
238
17k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
Docker and Python
trallard
43
3.2k
Designing for humans not robots
tammielis
250
25k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
28
4.5k
Typedesign – Prime Four
hannesfritz
40
2.5k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
980
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Why Our Code Smells
bkeepers
PRO
335
57k
The Cost Of JavaScript in 2023
addyosmani
47
7.2k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.6k
Transcript
Who Do You Think Owns Your Android Application?
2 Insecure apps can grant unwanted access to data
Android App
SERVICES 4 DEMO
SERVICES 5
SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =
false Enforce a permission Helps solve the Confused Deputy Problem
7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi
Manager Our app Malicious App CONFUSED DEPUTY PROBLEM
8 WiFi Access? Access Granted WiFi Manager Our app Malicious
App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted
BROADCAST RECEIVER 9 DEMO
BROADCAST RECEIVER 10
BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission
BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage
BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager
PERMISSIONS 14 Bad Reviews Extra permissions can cause a security
vulnerability
CAMERA PERMISSION 15
SEND_SMS PERMISSION 16
17 SSL Pinning
WEBVIEW 18
WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19
WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20
21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be
accessed using URL “file:///android_asset…….”
22 Logging
23 Hacker App to test these vulnerabilities
24 Proguard obfuscation
25 DexGuard
26 Android Lint
27 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-
part-two
THANK YOU
nazneen
abap34
akase244
74th
sumiyae
mashirou1234
soi013
ponyo877
forrep
eijirou
tokujiros
terryu16
utam0k
maggiecrowley
kneath
cassininazir
trallard
tammielis
kevinliebholz
hannesfritz
garrettdimon
denniskardys
bkeepers
addyosmani
kastner
