Download to read offline
![- Custom keyboard
- Secure persistent datastore
- No EditText
- No immutable (Strings -> char[])
- Notify if root
Insecure Device
19](https://image.slidesharecdn.com/2smirnov-2-160414073411/85/Security-in-Android-Application-RedMadRobot-19-320.jpg)
![- Custom keyboard
- Secure persistent datastore
- No EditText
- No immutable (Strings -> char[])
- Notify if root
Insecure Device
19](https://image.slidesharecdn.com/2smirnov-2-160414073411/75/Security-in-Android-Application-RedMadRobot-19-2048.jpg)
Uploaded byit-people
Security in Android Application, Александр Смирнов, RedMadRobot, Москва
The document discusses security in Android applications. It begins by introducing the author and their background. The agenda then outlines that it will cover the Android security model, realities that differ from the official model, common vulnerabilities, and additional resources. It delves into the official security features like application isolation, permissions, and data storage protections. However, it notes realities like the prevalence of rooting that undermine the official protections. It details several common vulnerabilities in areas like data storage, network traffic, and application intents. It concludes by emphasizing the need for layered security rather than relying solely on the official Android protections.
More Related Content
Similar to Security in Android Application, Александр Смирнов, RedMadRobot, Москва
![[Wroclaw #1] Android Security Workshop](https://cdn.slidesharecdn.com/ss_thumbnails/owaspplwroclaw1-160225150939-thumbnail.jpg?width=600ounds&width=560&fit=bounds)
Security in Android Application, Александр Смирнов, RedMadRobot, Москва
- 1.
- 2. - 3+ yearsAndroid dev - 6+ years commercial dev - 1 year bank app dev - BlackHat friends since 2007 - DC7499 member WhoAmI 2
- 3.
- 4. - Android SecurityModel - Reality - Vulnerabilities - One more sentence - Appendix Agenda 4
- 5. Security • I • AndroidSecurity Model 5
- 6.
- 7.
- 8. - Is theparent of all App processes - COW(Copy On Write) strategy - /dev/socket/zygote Zygote 8 App 1 App 2 App 3 Zygote fork() fork() fork() start new App
- 9. - Before M -After M - Custom permissions - Protection level Permissions 9
- 10. - Protect userdata - Protect system resources - Provide application isolation Android Security Overview 10
- 11. • II • AndroidSecurity Model Reality Security 11
- 12.
- 13.
- 14.
- 15. - Memory Cache -DB + SQLCipher - SharedPreference + MODE_PRIVATE + Cipher - 21+ setStorageEncryption for local files - KeyStore Data Storage 15
- 16. - MITM hasyou - Check network – why? - Diffie–Hellman key exchange - Certificate Pinning == SSL Pinning (okhttp 2.7.4 || 3.1.2) Transport 16
- 17. - Use explicitintents - Validate Input - Manifest: intent-filter = exported=«yes» Intent 17
- 18. - Secure PUSH -Mobile application - SIMApplets - DCV (Dynamic Code Verification) 2FA: SMS 18
- 19. - Custom keyboard -Secure persistent datastore - No EditText - No immutable (Strings -> char[]) - Notify if root Insecure Device 19
- 20. - Check debug -Verify sign - Emulator check - Obfuscation - JNI Reverse Protection 20
- 21. Security 21 • IV • Onemore sentence
- 22. - Convenience vsSecurity - Socialization & Tools - Layered Security - Better than others - OWASP TOP 10 Mobile Risks One more sentence 22
- 23.
- 24. - Cyber RiskReport: bit.ly/1MuoIDS - OWASP Top 10 Mobile Risks: bit.ly/1FAIJiv - DefCon Groups List: bit.ly/1JQlNgC - Triada Malware: bit.ly/1qvyFqY - Obfuscation tools list: bit.ly/1XiHf6Z - Security Official Docs: bit.ly/1qvw1BK - Diffie–Hellman Video: bit.ly/23jV7Se - Tools for SA and Hacking: bit.ly/1qvxpUM Additional Information 24
- 25. - Android SecurityModel - Reality - Vulnerabilities - One more sentence Result 25
- 26.