Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Who Do You Think Owns Your Android Application

Avatar for Nazneen Rupawalla Nazneen Rupawalla
April 19, 2016
Programming
0
58

Who Do You Think Owns Your Android Application

Presented at Droidcon Torino on 8th April 2016

Avatar for Nazneen Rupawalla

Nazneen Rupawalla

April 19, 2016
Tweet

More Decks by Nazneen Rupawalla

See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
Avatar for Nazneen Rupawalla nazneen
0
370

Other Decks in Programming

See All in Programming
Package Management Learnings from Homebrew
Avatar for Mike McQuaid mikemcquaid
0
230
SourceGeneratorのススメ
Avatar for tkym htkym
0
200
「ブロックテーマでは再現できない」は本当か?
Avatar for Takashi Kitajima inc2734
0
1k
Oxlintはいいぞ
Avatar for Yuji Yamaguchi yug1224
5
1.4k
AIで開発はどれくらい加速したのか?AIエージェントによるコード生成を、現場の評価と研究開発の評価の両面からdeep diveしてみる
Avatar for どすこい daisuketakeda
1
2.5k
今こそ知るべき耐量子計算機暗号(PQC)入門 / PQC: What You Need to Know Now
Avatar for mackey0225 mackey0225
3
380
React 19でつくる「気持ちいいUI」- 楽観的UIのすすめ
Avatar for Hiroshi Morishige himorishige
11
7.5k
Best-Practices-for-Cortex-Analyst-and-AI-Agent
Avatar for ryotaro.ikeda@finatext.com ryotaroikeda
1
110
カスタマーサクセス業務を変革したヘルススコアの実現と学び
Avatar for Tomoyuki Hamaguchi _hummer0724
0
730
AgentCoreとHuman in the Loop
Avatar for Har1101 har1101
5
240
MDN Web Docs に日本語翻訳でコントリビュート
Avatar for uutan1108 ohmori_yusuke
0
650
Vibe Coding - AI 驅動的軟體開發
Avatar for Micky Li mickyp100
0
180

Featured

See All Featured
Amusing Abliteration
Avatar for ianozsvald ianozsvald
0
100
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
2
140
The SEO Collaboration Effect
Avatar for Kristina Bergwall kristinabergwall1
0
350
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
96
14k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
141
34k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
6.9k
Claude Code のすすめ
Avatar for schroneko schroneko
67
210k
A brief & incomplete history of 
UX Design for the World Wide Web: 1989–2019
Avatar for Jason CranfordTeague jct
1
300
DevOps and Value Stream Thinking: Enabling flow, efficiency and business value
Avatar for Helen Beal helenjbeal
1
110
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
1
110
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
5k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
24k

Transcript

  1. Who Do You Think Owns Your Android Application?

  2. 2 Insecure apps can grant unwanted access to data

  3. Android App

  4. SERVICES 4 DEMO

  5. SERVICES 5

  6. SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =

    false Enforce a permission Helps solve the Confused Deputy Problem

  7. 7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi

    Manager Our app Malicious App CONFUSED DEPUTY PROBLEM

  8. 8 WiFi Access? Access Granted WiFi Manager Our app Malicious

    App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted

  9. BROADCAST RECEIVER 9 DEMO

  10. BROADCAST RECEIVER 10

  11. BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission

  12. BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage

  13. BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager

  14. PERMISSIONS 14 Bad Reviews Extra permissions can cause a security

    vulnerability

  15. CAMERA PERMISSION 15

  16. SEND_SMS PERMISSION 16

  17. 17 SSL Pinning

  18. WEBVIEW 18

  19. WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19

  20. WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20

  21. 21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be

    accessed using URL “file:///android_asset…….”

  22. 22 Logging

  23. 23 Hacker App to test these vulnerabilities

  24. 24 Proguard obfuscation

  25. 25 DexGuard

  26. 26 Android Lint

  27. 27 Zero permissions apps are secure apps?

  28. LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-

    part-two

  29. THANK YOU