Android Security Tips
Merab Tato Kutalia
May 15, 2019
Technology
Transcript
Android App Security Tips
Merabi Tato Kutalia (tatocaster) • tatocaster.me • github.com/tatocaster • twitter.com/@TatoKutalia

Topics • data storage • app permissions • networking • webview (JavaScript) • dynamically loaded code

data storage
• Internal Storage (MODE_WORLD_WRITABLE, deprecated in API 17)
• External Storage is globally readable
• Scoped Storage (Android Q)
• Content Providers (SQL injection)
• Shared preferences + leak
app permissions • data leak caused by misused permissions
networking
• HTTPS (it's 2019!)
• localhost! (https://twitter.com/fs0c131y/status/1085460755313508352)
• GCM/FCM/SMS (sensitive data)

webview
• setJavascriptEnabled - No!
• webkit

dynamically loaded code • Yes you can (https://stackoverflow.com/q/6857807/6845290)
Proguard/R8
Proguard • rules
Tools • Apktool • Dex2Jar • JD-GUI
Nomrebi .com
Thank you