Slide 1

Slide 1 text

Android Application Security. Filip Maelbrancke (@fmaelbrancke), Tegbir Dhillon (@tegbird)

Slide 2

Slide 2 text

Application security ANDROID FOR DEVELOPERS

Slide 3

Slide 3 text

We: Filip Maelbrancke, Consultant @ iDA MediaFoundry; Tegbir Dhillon, Team lead @ ING Bank Belgium

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

Demo app code: http://git.io/devoxx-2013-android-app-sec

Slide 6

Slide 6 text

Security. “The only system that is truly secure is one that is switched off and unplugged, locked in a titanium-lined safe, buried in a concrete bunker, and surrounded by nerve gas and very highly-paid armed guards. Even then, I wouldn't stake my life on it.” (Gene Spafford)

Slide 7

Slide 7 text

Security = managing risk. Risk matrix (figure): the risk of a threat against an asset is rated Low / Medium / High from two axes, Criticality/Impact (how much the asset is worth) and Probability (how likely the threat is, which depends on the vulnerability and its exploitability).

Slide 8

Slide 8 text

All in one device, which increases threat probability: • GPS • Contacts • Camera • Email (work) • Wallet

Slide 9

Slide 9 text

Always out, which increases vulnerability / exploitability: • Stolen • Forgotten • Lost • Weak PINs • Use of open public WiFi

Slide 10

Slide 10 text

Everyone uses it

Slide 11

Slide 11 text

Everyone uses it

Slide 12

Slide 12 text

Android security: the application sandbox. Each app runs with its own Linux user ID (UID).

Slide 13

Slide 13 text

Traditional model (figure): App 1, App 2, App ... all start under the same UID (12345) and share the system resources (file system, network); permissions are those of that single UID.

Slide 14

Slide 14 text

Android sandbox (figure): App1 runs as Linux UID 12345 and App2 as Linux UID 56789. Each app's resources (DB, network, files) and permissions are bound to its own UID, so each app lives in its own sandbox.

Slide 15

Slide 15 text

Shared user ID (figure): App1 and App2 declare the same sharedUserId, so both run as Linux UID 10160 and share one sandbox: the resources (DB, network, files) and permissions of UID 10160. Android only allows this when both APKs are signed with the same certificate.

Slide 16

Slide 16 text

Permission types (protection levels): normal, dangerous, signature, signatureOrSystem

Slide 17

Slide 17 text

Signing tips: • Secure your private key • Strong passwords • Four-eyes principle • Keep the keystore in a safe place • Provide geographic redundancy

Slide 18

Slide 18 text

Typical mobile app (figure): mobile application (UI, local storage, remoting layer), communication channel, remote API

Slide 19

Slide 19 text

Security topics: app hardening, data, network, services

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

Securing the app: Java source is compiled to .class files and then to .dex (Dalvik bytecode)

Slide 22

Slide 22 text

Obfuscation

Slide 23

Slide 23 text

ProGuard: shrink, optimize, obfuscate

Slide 24

Slide 24 text

proguard obfuscation

Slide 25

Slide 25 text

proguard configuration

Slide 26

Slide 26 text

proguard Beware!

Slide 27

Slide 27 text

proguard logging wrapper

Slide 28

Slide 28 text

proguard configuration

Slide 29

Slide 29 text

proguard better
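A release configuration putting the three ProGuard steps (shrink, optimize, obfuscate) together with the logging-wrapper strip, added here as an example; it is not the configuration from the talk's demo app, and the wrapper class name com.example.app.LogWrapper is an assumption:

```proguard
# Added example, not the demo-app config. Assumes the project ships a static
# logging wrapper com.example.app.LogWrapper (hypothetical name).

# Optimization must be on for -assumenosideeffects to do anything:
# the SDK's proguard-android.txt sets -dontoptimize, so base the build on
# proguard-android-optimize.txt instead.
-optimizationpasses 5
-allowaccessmodification
# Flatten obfuscated classes into the root package (short names, less structure)
-repackageclasses ''

# Keep everything Android instantiates by name from the manifest or layouts
-keep public class * extends android.app.Activity
-keep public class * extends android.app.Service
-keep public class * extends android.content.BroadcastReceiver
-keep public class * extends android.content.ContentProvider
-keepclasseswithmembers class * {
    public <init>(android.content.Context, android.util.AttributeSet);
}

# Strip verbose/debug logging from the release build
-assumenosideeffects class android.util.Log {
    public static *** v(...);
    public static *** d(...);
}

# Same for the project's own wrapper, otherwise the wrapper keeps the calls alive
-assumenosideeffects class com.example.app.LogWrapper {
    public static *** v(...);
    public static *** d(...);
}
```

Two caveats: the call is removed but its arguments are only removed if ProGuard can prove they have no side effects, so a message built with string concatenation of sensitive data can survive in the bytecode; and the rule only fires when optimization is enabled, which is the "Beware!" of the earlier slide.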

Slide 30

Slide 30 text

reverse engineer

Slide 31

Slide 31 text

Reverse engineering tools: • Apktool • Dex2jar • Apk to Java

Slide 32

Slide 32 text

reverse engineer code

Slide 33

Slide 33 text

Other techniques: • Server: if possible, run the code at the server • String encryption: hide sensitive strings (e.g. “Secure”) • Native code: Java Native Interface • Reflection / proxy: introduces indirection • Class encryption: use DexGuard

Slide 34

Slide 34 text

DexGuard: ProGuard++ with the same configuration format; commercial, good value for the money; adds tamper checks

Slide 35

Slide 35 text

ProGuard tips: • Test the release build! • Save mapping.txt (needed to de-obfuscate stack traces after a crash; supported on Crashlytics, Crittercism, ...)

Slide 36

Slide 36 text

TAMPER DETECTION

Slide 37

Slide 37 text

Tamper detection / protection: environment (1. installer, 2. debugger / emulator) and binary validation (3. signing key)

Slide 38

Slide 38 text

Installer: check that the Play Store was the installer

Slide 39

Slide 39 text

debugger Debugger check

Slide 40

Slide 40 text

debugger Debugger check

Slide 41

Slide 41 text

emulator EMULATOR check

Slide 42

Slide 42 text

Signing key: valid signing key • SHA-1 of the signing certificate • Embed it in the app • Check it against the runtime signature

Slide 43

Slide 43 text

SIGNING KEY Valid signing key

Slide 44

Slide 44 text

Rooted device: root detection • Check typical apps / files • Check keys (test-keys builds) • ...
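The five checks from the tamper-detection slides (installer, debugger, emulator, signing certificate, root) in one class, added here as an example and not taken from the talk's demo app. The expected certificate fingerprint is a placeholder value, and the file paths and Build properties are the usual heuristics, not a complete list:

```java
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Build;
import android.os.Debug;

import java.io.File;
import java.security.MessageDigest;

/** Added example of the environment and binary checks; not the demo-app code. */
public final class TamperChecks {

    // Assumed value: hex SHA-1 of the release signing certificate, taken from
    // "keytool -list -v -keystore release.keystore" at build time and embedded here.
    private static final String EXPECTED_CERT_SHA1 =
            "0123456789ABCDEF0123456789ABCDEF01234567";

    private TamperChecks() {}

    /** 1. Installer: the Play Store installs under the package name com.android.vending. */
    public static boolean installedFromPlayStore(Context ctx) {
        String installer = ctx.getPackageManager()
                .getInstallerPackageName(ctx.getPackageName());
        return "com.android.vending".equals(installer);
    }

    /** 2a. Debugger: a release build must not be debuggable nor have a debugger attached. */
    public static boolean debuggerDetected(Context ctx) {
        boolean debuggable =
                (ctx.getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
        return debuggable || Debug.isDebuggerConnected();
    }

    /** 2b. Emulator: heuristics on the Build properties of the stock SDK emulator (goldfish). */
    public static boolean emulatorDetected() {
        return Build.FINGERPRINT.startsWith("generic")
                || Build.MODEL.contains("google_sdk")
                || Build.MODEL.contains("Emulator")
                || "goldfish".equals(Build.HARDWARE);
    }

    /** 3. Binary validation: hash the runtime signing certificate, compare with the embedded SHA-1. */
    public static boolean signatureValid(Context ctx) {
        try {
            PackageInfo info = ctx.getPackageManager().getPackageInfo(
                    ctx.getPackageName(), PackageManager.GET_SIGNATURES);
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            for (Signature sig : info.signatures) {
                // sig.toByteArray() is the DER-encoded X.509 signing certificate
                String fingerprint = toHex(sha1.digest(sig.toByteArray()));
                if (EXPECTED_CERT_SHA1.equalsIgnoreCase(fingerprint)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            return false; // "cannot verify" is treated as tampered
        }
    }

    /** Root detection: test-keys build tag, common su binaries and the Superuser app. */
    public static boolean rootDetected() {
        if (Build.TAGS != null && Build.TAGS.contains("test-keys")) {
            return true;
        }
        String[] paths = {
                "/system/app/Superuser.apk", "/system/xbin/su", "/system/bin/su",
                "/sbin/su", "/data/local/xbin/su", "/data/local/bin/su"
        };
        for (String path : paths) {
            if (new File(path).exists()) {
                return true;
            }
        }
        return false;
    }

    /** Aggregate: true when the app is running in an environment it should not trust. */
    public static boolean tampered(Context ctx) {
        return !installedFromPlayStore(ctx) || debuggerDetected(ctx)
                || emulatorDetected() || !signatureValid(ctx) || rootDetected();
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }
}
```

All of these compare against values and code that ship inside the APK, so whoever repackages the APK can patch the constant or the `if` out; they raise the bar rather than stop a determined attacker, which is why they belong in obfuscated code and not in one easily found method. The installer check also fails for sideloaded test builds, so keep it behind a build flag while testing.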

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

Local data protection: • Avoid storing data locally if you can • Avoid external storage for sensitive information (it is readable by other apps) • For critical input views set android:saveEnabled="false" so their state is not written to the saved-instance Bundle • Disable backup with android:allowBackup="false" on <application> in the manifest • Proper permissions: create files with MODE_PRIVATE

Slide 47

Slide 47 text

Local data protection: • getWindow().setFlags(WindowManager.LayoutParams.FLAG_SECURE, WindowManager.LayoutParams.FLAG_SECURE); to avoid screenshots (and the window content showing in the recent-apps thumbnail) • Log out on inactivity if usability allows, and clear the cached information

Slide 48

Slide 48 text

keylogger

Slide 49

Slide 49 text

encryption

Slide 50

Slide 50 text

Bouncy Castle: Android ships a cut-down subset of the upstream release, and the subset differs between Android versions. Spongy Castle (github.com/rtyley/spongycastle) is a repackage of Bouncy Castle for Android under the org.spongycastle package, so it does not clash with the platform copy: consistent crypto across Android versions with a minimal change to your code.

Slide 51

Slide 51 text

Encryption libs: • SQLCipher (sqlcipher.net): modified version of SQLite, AES-256 encryption, drop-in replacement • IOCipher (guardianproject.info/code/iocipher): virtual encrypted disk

Slide 52

Slide 52 text

Key management, weak options: • Store: keep the key along with the data (in a file private to the app) • Embed: put the key in the source code (obfuscated?). Both are easy to extract, from a rooted device or by decompiling the APK.

Slide 53

Slide 53 text

Key management, solutions: • Don't store: don't keep the key on the device, have it entered each time it is needed • Store: in a system service (the keystore)

Slide 54

Slide 54 text

Key derivation. People vs keys: encryption keys are long random strings of bits, while users are familiar with passwords. Password-based encryption generates strong crypto keys from humanly-manageable passwords; crypto algorithm: PBKDF2WithHmacSHA1.

Slide 55

Slide 55 text

Proper key derivation. Salt: using a salt protects against table-assisted / pre-computed dictionary attacks. Key stretching: repeat the key derivation operation multiple times to produce the final key; this slows down brute-force attacks. See https://github.com/nelenkov/android-pbe and http://nelenkov.blogspot.jp/2012/04/using-password-based-encryption-on.html (Nikolay Elenkov).

Slide 56

Slide 56 text

KeyChain? Keystore provider ("AndroidKeyStore"): • Since Android 4.3 • Can be hardware-backed. See https://github.com/nelenkov/android-keystore (Nikolay Elenkov).
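One way to use the 4.3 keystore provider for the "store in a system service" option, added here as an example rather than code from the talk or from Elenkov's sample: an RSA key pair is generated inside AndroidKeyStore and only used to wrap and unwrap a random AES data key, so the long-term secret never has to be stored in the app's files. The alias name and the choice of PKCS#1 padding are assumptions:

```java
import android.content.Context;
import android.security.KeyChain;
import android.security.KeyPairGeneratorSpec;

import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.util.Calendar;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;

/** Added example: wrap an AES data key with an AndroidKeyStore RSA key (API 18+). */
public final class KeystoreKeyWrapper {

    private static final String PROVIDER = "AndroidKeyStore";
    private static final String ALIAS = "data-key-wrapper";   // assumed alias

    private KeystoreKeyWrapper() {}

    /** Generate the RSA wrapping pair once; the private key never leaves the keystore. */
    public static void ensureWrappingKey(Context ctx) throws Exception {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        if (ks.containsAlias(ALIAS)) {
            return;
        }
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(Calendar.YEAR, 20);
        // The 4.3 API wraps the key pair in a self-signed certificate, hence subject/serial/dates
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(ctx)
                .setAlias(ALIAS)
                .setSubject(new X500Principal("CN=" + ALIAS))
                .setSerialNumber(BigInteger.ONE)
                .setStartDate(start.getTime())
                .setEndDate(end.getTime())
                .build();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", PROVIDER);
        kpg.initialize(spec);
        kpg.generateKeyPair();
    }

    /** True when this device keeps RSA keystore keys in hardware (TEE-backed keymaster). */
    public static boolean isHardwareBacked() {
        return KeyChain.isBoundKeyAlgorithm("RSA");
    }

    /** Fresh random AES-256 key that will encrypt the actual application data. */
    public static SecretKey newDataKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    /** Encrypt the data key with the keystore public key; the blob can sit next to the data. */
    public static byte[] wrap(SecretKey dataKey) throws Exception {
        KeyStore.PrivateKeyEntry entry = entry();
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, entry.getCertificate().getPublicKey());
        return rsa.doFinal(dataKey.getEncoded());
    }

    /** Recover the data key; the private-key operation runs inside the keystore daemon or TEE. */
    public static SecretKey unwrap(byte[] wrapped) throws Exception {
        KeyStore.PrivateKeyEntry entry = entry();
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, entry.getPrivateKey());
        return new SecretKeySpec(rsa.doFinal(wrapped), "AES");
    }

    private static KeyStore.PrivateKeyEntry entry() throws Exception {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null);
        return (KeyStore.PrivateKeyEntry) ks.getEntry(ALIAS, null);
    }
}
```

This protects the key at rest: with hardware backing, not even root can copy the private key off the device. It does not protect a running app on a compromised device, since root can still call unwrap through the app's own UID, and the unwrapped AES key lives in the app's memory while it is in use. Prefer OAEP over PKCS#1 v1.5 padding wherever the provider on the target version supports it.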

Slide 57

Slide 57 text

network

Slide 58

Slide 58 text

Secure communication channel: use HTTPS (SSL / TLS) for • Confidentiality • Authentication. Validation: • Hostname verification • Certificate pinning

Slide 59

Slide 59 text

secure communication channel hostname verification

Slide 60

Slide 60 text

TrustManager: StrongTrustManager (Guardian Project) • Validates the whole certificate chain • Uses a bundled Debian certificate store

Slide 61

Slide 61 text

self-signed cert

Slide 62

Slide 62 text

Self-signed cert: don't trust all!

Slide 63

Slide 63 text

Certificate pinning, step by step: 1. Get the certificate with openssl: echo | openssl s_client -connect host:443 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mycertificate.pem 2. Embed it in the application under /res/raw 3. Load it into a KeyStore 4. Build a custom TrustManager based on that keystore 5. Init an SSLContext with the TrustManager. See https://developer.android.com/training/articles/security-ssl.html
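The pinning steps above, and the trust-all anti-pattern from the self-signed-cert slides, as an added example that is not the talk's demo-app code. It follows the approach in the linked Android training article; the resource name R.raw.mycertificate in the usage note is an assumption:

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example: certificate pinning with a keystore-backed TrustManager. */
public final class PinnedTls {

    private PinnedTls() {}

    /**
     * The "trust all" anti-pattern: every chain passes, so any man-in-the-middle
     * with a self-signed certificate reads the traffic. Shown only to contrast; DO NOT USE.
     */
    static final X509TrustManager TRUST_ALL = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) {}
        public void checkServerTrusted(X509Certificate[] chain, String authType) {}
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    /** Steps 3-5: load the embedded PEM into a KeyStore and init an SSLContext that trusts only it. */
    public static SSLContext pinnedContext(InputStream pem) throws Exception {
        Certificate pinned;
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try {
            pinned = cf.generateCertificate(pem);
        } finally {
            pem.close();
        }

        // Empty in-memory keystore holding just the pinned certificate as a trust anchor
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("pinned", pinned);

        // Step 4: the default TrustManager, but backed by our keystore instead of the system CAs
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        // Step 5: SSLContext that uses only that TrustManager
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Open an HTTPS connection that uses the pinned context. */
    public static HttpsURLConnection connect(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Keep the default HostnameVerifier: it checks that the certificate matches the
        // host. Never install an allow-all verifier; pinning without it still lets a
        // certificate issued for another host pass.
        return conn;
    }
}
```

In an Activity the call is `pinnedContext(getResources().openRawResource(R.raw.mycertificate))`. Note that the openssl command on the slide captures only the server's own (leaf) certificate unless you add `-showcerts`; pinning the leaf means the app stops working when the server certificate is renewed, so either ship an update before expiry or pin the issuing CA certificate instead.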

Slide 64

Slide 64 text

No content

Slide 65

Slide 65 text

Securing services, controls: • Kill switch for specific functionality • Server downtime communication • Mandatory update mechanism

Slide 66

Slide 66 text

Securing services: backend REST services and APIs can have the same vulnerabilities as web applications. Mitigate: follow the OWASP Top 10.

Slide 67

Slide 67 text

Effective security. “Using CryptoLint, we performed a study on cryptographic implementations in 11,748 Android applications. Overall we find that 10,327 programs – 88% in total – use cryptography inappropriately. The raw scale of misuse indicates a widespread misunderstanding of how to properly use cryptography in Android development.” (Egele, Brumley, Fratantonio, Kruegel, “An Empirical Study of Cryptographic Misuse in Android Applications”, CCS 2013)

Slide 68

Slide 68 text

Effective security, common misuses: • Hardcoded passphrases • Manually seeded SecureRandom • Insufficient key-generation iterations • Hardcoded salts • Non-random initialization vectors
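The misuses listed above next to the key derivation the earlier slides describe (PBKDF2WithHmacSHA1, random salt, key stretching), as an added example that is not code from the talk or from Elenkov's android-pbe sample. The blob layout (salt || IV || ciphertext) and the iteration count are this example's own choices:

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/** Added example: the CryptoLint misuses beside a correct PBKDF2 + AES-CBC implementation. */
public final class PasswordBasedEncryption {

    private static final String KDF = "PBKDF2WithHmacSHA1";
    private static final String CIPHER = "AES/CBC/PKCS5Padding";
    private static final int SALT_BYTES = 16;
    private static final int IV_BYTES = 16;        // AES block size
    private static final int KEY_BITS = 256;       // no JCE policy limit on Android
    private static final int ITERATIONS = 10000;   // key stretching; assumed value, tune to ~100 ms

    // One default-seeded instance. Never call setSeed() with app data or pass a fixed seed.
    private static final SecureRandom RNG = new SecureRandom();

    private PasswordBasedEncryption() {}

    /* ---- Every misuse from the slide in one method. DO NOT USE. ---- */
    static byte[] insecureEncrypt(byte[] plaintext) throws Exception {
        char[] password = "hunter2".toCharArray();                // hardcoded passphrase
        byte[] salt = "s3cr3tsalt".getBytes("UTF-8");              // hardcoded salt: no rainbow-table protection
        int iterations = 1;                                        // insufficient iterations: no stretching
        SecureRandom rng = new SecureRandom("seed".getBytes());    // manually seeded: deterministic output
        byte[] iv = new byte[IV_BYTES];
        rng.nextBytes(iv);                                         // so this IV is the same every run
        SecretKey key = deriveKey(password, salt, iterations);
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(plaintext);
    }

    /* ---- Hardened version: user-supplied password, random salt, stretched key, random IV ---- */
    public static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);
        SecretKey key = deriveKey(password, salt, ITERATIONS);
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = c.doFinal(plaintext);
        // Salt and IV are not secret, they only have to be unique per encryption,
        // so they are stored in clear in front of the ciphertext: salt || iv || ciphertext
        byte[] blob = new byte[SALT_BYTES + IV_BYTES + ciphertext.length];
        System.arraycopy(salt, 0, blob, 0, SALT_BYTES);
        System.arraycopy(iv, 0, blob, SALT_BYTES, IV_BYTES);
        System.arraycopy(ciphertext, 0, blob, SALT_BYTES + IV_BYTES, ciphertext.length);
        return blob;
    }

    public static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_BYTES);
        byte[] iv = Arrays.copyOfRange(blob, SALT_BYTES, SALT_BYTES + IV_BYTES);
        byte[] ciphertext = Arrays.copyOfRange(blob, SALT_BYTES + IV_BYTES, blob.length);
        SecretKey key = deriveKey(password, salt, ITERATIONS);
        Cipher c = Cipher.getInstance(CIPHER);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(ciphertext);
    }

    /** PBKDF2: stretch the password with the salt for the given number of iterations. */
    static SecretKey deriveKey(char[] password, byte[] salt, int iterations) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(KDF);
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        byte[] keyBytes = factory.generateSecret(spec).getEncoded();
        spec.clearPassword();   // wipe the password copy held by the spec
        return new SecretKeySpec(keyBytes, "AES");
    }
}
```

Two practitioner notes: CBC alone gives confidentiality but no integrity, so add an HMAC over IV and ciphertext (or use an authenticated mode where the platform provides one) before trusting decrypted data; and Android 4.4 changed PBKDF2WithHmacSHA1 to encode the password as UTF-8, with PBKDF2WithHmacSHA1And8bit kept for data derived on older versions, which matters if the same blob has to decrypt across versions.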

Slide 69

Slide 69 text

Security testing: • Design review • Manual code review • Analysis: static and dynamic • Penetration testing

Slide 70

Slide 70 text

Thank you. How to contact: Filip Maelbrancke, Twitter @fmaelbrancke, email [email protected]; Tegbir Dhillon, Twitter @tegbird, email [email protected]