Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Android Security Tips
Search
Merab Tato Kutalia
May 15, 2019
Technology
1
41
Android Security Tips
Android Security Tips
Merab Tato Kutalia
May 15, 2019
Tweet
Share
More Decks by Merab Tato Kutalia
See All by Merab Tato Kutalia
What's new in Android 14?
tatocaster
0
160
Migrate to Gradle version catalog and convention plugins
tatocaster
3
1.9k
Make Codebases Secure with OWASP
tatocaster
0
190
Secure Coding Standards
tatocaster
0
150
ტანგო ანდროიდთან
tatocaster
0
260
Adopting Huawei Mobile Services
tatocaster
0
62
Android UI Testing & Challenges
tatocaster
1
110
Reverse & Inject - droidcon
tatocaster
3
300
mobile DevOps
tatocaster
1
130
Other Decks in Technology
See All in Technology
頭部ふわふわ浄酔器
uyupun
0
110
ViteとTypeScriptのProject Referencesで 大規模モノレポのUIカタログのリリースサイクルを高速化する
shuta13
3
210
GraphRAG グラフDBを使ったLLM生成(自作漫画DBを用いた具体例を用いて)
seaturt1e
1
150
知覚とデザイン
rinchoku
1
590
AIとともに歩んでいくデザイナーの役割の変化
lycorptech_jp
PRO
0
890
Okta Identity Governanceで実現する最小権限の原則 / Implementing the Principle of Least Privilege with Okta Identity Governance
tatsumin39
0
170
ヘンリー会社紹介資料(エンジニア向け) / company deck for engineer
henryofficial
0
400
入院医療費算定業務をAIで支援する:包括医療費支払い制度とDPCコーディング (公開版)
hagino3000
0
110
From Natural Language to K8s Operations: The MCP Architecture and Practice of kubectl-ai
appleboy
0
240
事業開発におけるDify活用事例
kentarofujii
5
1.5k
20251024_TROCCO/COMETAアップデート紹介といくつかデモもやります!_#p_UG 東京:データ活用が進む組織の作り方
soysoysoyb
0
110
ソースを読む時の思考プロセスの例-MkDocs
sat
PRO
1
250
Featured
See All Featured
YesSQL, Process and Tooling at Scale
rocio
173
15k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
140
34k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
116
20k
Designing Experiences People Love
moore
142
24k
The Pragmatic Product Professional
lauravandoore
36
7k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.7k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.2k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Thoughts on Productivity
jonyablonski
70
4.9k
Docker and Python
trallard
46
3.6k
Done Done
chrislema
185
16k
Transcript
Android App Security Tips Merabi Kutalia
Tato Kutalia tatocaster tatocaster.me github.com/tatocaster twitter.com/@TatoKutalia
None
Topics • data storage • app permissions • networking •
webview(javascript) • dynamically loaded code
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17)
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17) •
External Storage is globally readable
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17) •
External Storage is globally readable • Scoped Storage(Android Q)
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17) •
External Storage is globally readable • Scoped Storage(Android Q) • Content Providers(Sql Injection)
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17) •
External Storage is globally readable • Scoped Storage(Android Q) • Content Providers(Sql Injection) • Shared preferences + leak
app permissions • data leak caused by misused permissions
networking • HTTPS (it’s 2019!)
networking • HTTPS (it’s 2019!) • localhost! (https://twitter.com/ fs0c131y/status/1085460755313508352)
networking • HTTPS (it’s 2019!) • localhost! (https://twitter.com/ fs0c131y/status/1085460755313508352) •
GCM/FCM/SMS (Sensitive Data)
webview • setJavascriptEnabled - No!
webview • setJavascriptEnabled - No!
webview • setJavascriptEnabled - No! • webkit
dynamically loaded code • Yes you can (https://stackoverflow.com/q/ 6857807/6845290 )
Proguard/R8
Proguard • rules
Tools • Apktool • Dex2Jar • JD-GUI
Nomrebi .com
Nomrebi .com
None
Thank you