Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Who Do You Think Owns Your Android Application

Avatar for Nazneen Rupawalla Nazneen Rupawalla
April 19, 2016
Programming
0
55

Who Do You Think Owns Your Android Application

Presented at Droidcon Torino on 8th April 2016

Avatar for Nazneen Rupawalla

Nazneen Rupawalla

April 19, 2016
Tweet

More Decks by Nazneen Rupawalla

See All by Nazneen Rupawalla
Who Do You Think Owns Your Android Application?
Avatar for Nazneen Rupawalla nazneen
0
370

Other Decks in Programming

See All in Programming
Performance for Conversion! 分散トレーシングでボトルネックを 特定せよ
Avatar for Andrey Chernov inetand
0
5.4k
print("Hello, World")
Avatar for 高見龍 eddie
2
530
The Past, Present, and Future of Enterprise Java with ASF in the Middle
Avatar for ivargrimstad ivargrimstad
0
190
詳解!defer panic recover のしくみ / Understanding defer, panic, and recover
Avatar for convto convto
0
250
概念モデル→論理モデルで気をつけていること
Avatar for sunnyone sunnyone
3
300
GitHubとGitLabと AWS CodePipelineで CI/CDを組み比べてみた
Avatar for Satoshi Kaneyasu satoshi256kbyte
4
250
複雑なドメインに挑む.pdf
Avatar for Yuki Sakai yukisakai1225
5
1.2k
Testing Trophyは叫ばない
Avatar for toms toms74209200
0
900
さようなら Date。 ようこそTemporal! 3年間先行利用して得られた知見の共有
Avatar for 8-beeeaaat!!! 8beeeaaat
3
1.5k
Deep Dive into Kotlin Flow
Avatar for Matsuda Jumpei jmatsu
1
380
Ruby Parser progress report 2025
Avatar for yui-knk yui_knk
1
460
MCPとデザインシステムに立脚したデザインと実装の融合
Avatar for Yuku Kotani yukukotani
4
1.5k

Featured

See All Featured
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.4k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
57
5.8k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
49
14k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
615
210k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
30
9.7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.9k
Unsuck your backbone
Avatar for Amy Palamountain ammeep
671
58k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
18
1.1k
Testing 201, or: Great Expectations
Avatar for Joseph Mastey jmmastey
45
7.7k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.6k
RailsConf 2023
Avatar for Aaron Patterson tenderlove
30
1.2k

Transcript

  1. Who Do You Think Owns Your Android Application?

  2. 2 Insecure apps can grant unwanted access to data

  3. Android App

  4. SERVICES 4 DEMO

  5. SERVICES 5

  6. SERVICES - SECURE IMPLEMENTATION 6 Mark components as exported =

    false Enforce a permission Helps solve the Confused Deputy Problem

  7. 7 WiFi Access? Access Granted WiFi Access? Access Denied WiFi

    Manager Our app Malicious App CONFUSED DEPUTY PROBLEM

  8. 8 WiFi Access? Access Granted WiFi Manager Our app Malicious

    App CONFUSED DEPUTY PROBLEM WiFi Access? Access Granted

  9. BROADCAST RECEIVER 9 DEMO

  10. BROADCAST RECEIVER 10

  11. BROADCAST RECEIVER - SECURE IMPLEMENTATION 11 Enforce a permission

  12. BROADCAST RECEIVER - SECURE IMPLEMENTATION 12 Use Intent.setPackage

  13. BROADCAST RECEIVER - SECURE IMPLEMENTATION 13 Use LocalBroadcastManager

  14. PERMISSIONS 14 Bad Reviews Extra permissions can cause a security

    vulnerability

  15. CAMERA PERMISSION 15

  16. SEND_SMS PERMISSION 16

  17. 17 SSL Pinning

  18. WEBVIEW 18

  19. WEBVIEW : JAVA - JAVASCRIPT INTERFACE 19

  20. WEBVIEW : ALTERNATIVE TO JAVA - JAVASCRIPT INTERFACE 20

  21. 21 WEBVIEW : UNINTENDED URLS Whitelisting Blacklisting Files can be

    accessed using URL “file:///android_asset…….”

  22. 22 Logging

  23. 23 Hacker App to test these vulnerabilities

  24. 24 Proguard obfuscation

  25. 25 DexGuard

  26. 26 Android Lint

  27. 27 Zero permissions apps are secure apps?

  28. LINKS Github Repo: https://github.com/AndroidSecurityBasics/ Blog Link: https://www.thoughtworks.com/insights/blog/ who-do-you-think-owns-your-android-app https://www.thoughtworks.com/de/insights/ blog/who-do-you-think-owns-your-android-app-

    part-two

  29. THANK YOU