Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Who Do You Think Owns Your Android Application
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Nazneen Rupawalla
April 19, 2016
Programming
0
58
Who Do You Think Owns Your Android Application
Presented at Droidcon Torino on 8th April 2016
Nazneen Rupawalla
April 19, 2016
Tweet
Share
More Decks by Nazneen Rupawalla
See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
nazneen
0
370
Other Decks in Programming
See All in Programming
Oxlintはいいぞ
yug1224
5
1.4k
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
610
フロントエンド開発の勘所 -複数事業を経験して見えた判断軸の違い-
heimusu
7
2.8k
AIフル活用時代だからこそ学んでおきたい働き方の心得
shinoyu
0
140
2026年 エンジニアリング自己学習法
yumechi
0
140
ぼくの開発環境2026
yuzneri
0
240
Patterns of Patterns
denyspoltorak
0
1.4k
AI時代の認知負荷との向き合い方
optfit
0
160
Rust 製のコードエディタ “Zed” を使ってみた
nearme_tech
PRO
0
210
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
tetutetu214
2
120
CSC307 Lecture 05
javiergs
PRO
0
500
Grafana:建立系統全知視角的捷徑
blueswen
0
330
Featured
See All Featured
Highjacked: Video Game Concept Design
rkendrick25
PRO
1
290
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.6k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.3k
How STYLIGHT went responsive
nonsquared
100
6k
What does AI have to do with Human Rights?
axbom
PRO
0
2k
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
93
AI: The stuff that nobody shows you
jnunemaker
PRO
2
270
Understanding Cognitive Biases in Performance Measurement
bluesmoon
32
2.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
31
3.1k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
62
50k
Conquering PDFs: document understanding beyond plain text
inesmontani
PRO
4
2.3k
Transcript
Who Do You Think Owns Your Android Application?
2 Insecure apps can grant unwanted access to data
Android App
SERVICES 4 DEMO
SERVICES 5
SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =
false Enforce a permission Helps solve the Confused Deputy Problem
7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi
Manager Our app Malicious App CONFUSED DEPUTY PROBLEM
8 WiFi Access? Access Granted WiFi Manager Our app Malicious
App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted
BROADCAST RECEIVER 9 DEMO
BROADCAST RECEIVER 10
BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission
BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage
BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager
PERMISSIONS 14 Bad Reviews Extra permissions can cause a security
vulnerability
CAMERA PERMISSION 15
SEND_SMS PERMISSION 16
17 SSL Pinning
WEBVIEW 18
WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19
WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20
21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be
accessed using URL “file:///android_asset…….”
22 Logging
23 Hacker App to test these vulnerabilities
24 Proguard obfuscation
25 DexGuard
26 Android Lint
27 Zero permissions apps are secure apps?
LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-
part-two
THANK YOU
nazneen
yug1224
ivargrimstad
heimusu
shinoyu
yumechi
yuzneri
denyspoltorak
optfit
nearme_tech
tetutetu214
javiergs
blueswen
rkendrick25
raygrieselhuber
caitiem20
tammyeverts
nonsquared
axbom
jdejongh
jnunemaker
bluesmoon
danielanewman
soudai
inesmontani
