Network_Security_in_Android.pdf

Transcript

1. Network Security in Android

2. None

3. KOKO is mainstreaming liquid bio-ethanol cooking fuel as a fast,

   safe and affordable alternative to dirty cooking fuels such as charcoal https://kokonetworks.com

4. Protecting your app from reverse engineering and man in the

   middle attacks

5. SSL certificate pinning Obfuscation with proguard

6. SSL Certificate pinning Why SSL Certificate pinning? to prevent man

   in the middle attack What is SSL? -Secure Socket Layer - its a protocol that has always been used to encrypt and secure transmitted data between server and client (website and browser).

7. SSL Certificate pinning What is ssl certificate pinning? is ensuring

   that any client SSL request first validates that the server’s certificate exactly matches the bundle’s certificate previously stored in the application.

8. SSL Certificate pinning

9. SSL Certificate pinning What steps do we need? • Obtaining

   a certificate for the desired host (preferably the whole certificate chain). • Pin the certificate to an instance of DefaultHttpClient

10. SSL Certificate pinning Get certificate public key from ssllabs This

    is the hashed public key of the certificate

11. SSL Certificate pinning

12. SSL Certificate pinning

13. SSL Certificate pinning - Failure

14. Obfuscation What? -is a process of creating source code in

    a form that is hard for human to understand. Why? To prevent reverse engineering To reduce your app size

15. 1. Configure your gradle file (app/gradle) 2. Use default android

    proguard rules or create your own 3. Edt your rules Obfuscation Steps

16. Obfuscated Code

17. Non-obfuscated code

18. Resources Proguard android ssl pinning practical proguard rules

19. Demo….!!!!!! Demo github link

20. Thank you !!