Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Who Do You Think Owns Your Android Application

Avatar for Nazneen Rupawalla Nazneen Rupawalla
April 19, 2016
Programming
0
57

Who Do You Think Owns Your Android Application

Presented at Droidcon Torino on 8th April 2016

Avatar for Nazneen Rupawalla

Nazneen Rupawalla

April 19, 2016
Tweet

More Decks by Nazneen Rupawalla

See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
Avatar for Nazneen Rupawalla nazneen
0
370

Other Decks in Programming

See All in Programming
Cap'n Webについて
Avatar for Yusuke Wada yusukebe
0
170
例外処理とどう使い分ける?Result型を使ったエラー設計 #burikaigi
Avatar for Takuma Kajikawa kajitack
16
5.5k
生成AIを利用するだけでなく、投資できる組織へ
Avatar for pospome pospome
2
450
フロントエンド開発の勘所 -複数事業を経験して見えた判断軸の違い-
Avatar for Yoichiro Kubo heimusu
7
2.5k
Spinner 軸ズレ現象を調べたらレンダリング深淵に飲まれた #レバテックMeetup
Avatar for 弁護士ドットコム bengo4com
1
220
re:Invent 2025 トレンドからみる製品開発への AI Agent 活用
Avatar for Kohei Yoshikawa yoskoh
0
650
HTTPプロトコル正しく理解していますか? 〜かわいい猫と共に学ぼう。ฅ^•ω•^ฅ ニャ〜
Avatar for ♛Heitor Hirose hekuchan
2
640
[AI Engineering Summit Tokyo 2025] LLMは計画業務のゲームチェンジャーか? 最適化業務における活⽤の可能性と限界
Avatar for terry-u16 terryu16
2
340
ELYZA_Findy AI Engineering Summit登壇資料_AIコーディング時代に「ちゃんと」やること_toB LLMプロダクト開発舞台裏_20251216
Avatar for 株式会社ELYZA elyza
2
1.1k
Combinatorial Interview Problems with Backtracking Solutions - From Imperative Procedural Programming to Declarative Functional Programming - Part 2
Avatar for Philip Schwarz philipschwarz
PRO
0
140
Pythonではじめるオープンデータ分析〜書籍の紹介と書籍で紹介しきれなかった事例の紹介〜
Avatar for Ryo YOSHI welliving
3
790
The Art of Re-Architecture - Droidcon India 2025
Avatar for Sid Patil siddroid
0
160

Featured

See All Featured
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3.3k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
330
40k
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.1k
Agile Leadership in an Agile Organization
Avatar for Dr. Kim W Petersen kimpetersen
PRO
0
69
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
55
3.2k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.5k
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
4
2.2k
The Impact of AI in SEO - AI Overviews June 2024 Edition
Avatar for Aleyda Solis aleyda
5
700
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
231
22k
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
67
Navigating Algorithm Shifts & AI Overviews - #SMXNext
Avatar for Aleyda Solis aleyda
0
1.1k
Getting science done with accelerated Python computing platforms
Avatar for Jacob Tomlinson jacobtomlinson
1
98

Transcript

  1. Who Do You Think Owns Your Android Application?

  2. 2 Insecure apps can grant unwanted access to data

  3. Android App

  4. SERVICES 4 DEMO

  5. SERVICES 5

  6. SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =

    false Enforce a permission Helps solve the Confused Deputy Problem

  7. 7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi

    Manager Our app Malicious App CONFUSED DEPUTY PROBLEM

  8. 8 WiFi Access? Access Granted WiFi Manager Our app Malicious

    App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted

  9. BROADCAST RECEIVER 9 DEMO

  10. BROADCAST RECEIVER 10

  11. BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission

  12. BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage

  13. BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager

  14. PERMISSIONS 14 Bad Reviews Extra permissions can cause a security

    vulnerability

  15. CAMERA PERMISSION 15

  16. SEND_SMS PERMISSION 16

  17. 17 SSL Pinning

  18. WEBVIEW 18

  19. WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19

  20. WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20

  21. 21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be

    accessed using URL “file:///android_asset…….”

  22. 22 Logging

  23. 23 Hacker App to test these vulnerabilities

  24. 24 Proguard obfuscation

  25. 25 DexGuard

  26. 26 Android Lint

  27. 27 Zero permissions apps are secure apps?

  28. LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-

    part-two

  29. THANK YOU