guard your android

Post on 08-Feb-2017

Category:

Engineering

TRANSCRIPT

Stay Hungry, Stay Foolish!

Stay Alert, Stay Safe!

Om Shanti

Aboutme.apk

A Student and a Learner! Always! :P

Harsh Dattani GDG Baroda

We all know!

● Fastest Growing Mobile Operating System
● 1.5 billion downloads a month and growing
● Millions of Devices running this Operating System
● Easy (Are you sure?) to Develop Applications
● Open Source!

What we Don’t know!

● It’s easy to create malware and target Android.

● Even a seemingly trustworthy app can be malicious.

● It’s not just our data; our friends’ data is also important!

Important Security Terms!

● Assets
● Vulnerabilities
● Attack Vectors
● Threats
● Proactive Measures
● Counter Measures
● Patches
● Malware

Some Famous Android Malware

● Fake Opera Browser
● Fake Angry Bird Space
● Droid Dream Malware
● Blackmart
● Cracked Apks
● Battery Savers
● And More...!

Unix Security Policy

1. Process Isolation
2. Hardware Isolation
3. User Permission Model
4. R/W/X Permissions to file
5. Secure IPC

Application Installation

Android Security Policy

1. Application Isolation
2. Sandbox of Application
3. Secure Communication
4. Signing the Application
5. Permission model of Application

Virtualization

Application Isolation

● Each application has own GID/UID.

● System apps also have own GID/UID.

● Based on UNIX Security Model.

Permission Policy (Default)

● No app can Write other app data.
● But can Read data, with due permission
● Connect to network
● Cannot Use Peripherals
● Cannot Use System APIs to Read/Send SMS, Call..
● Cannot Load App on System Start
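An added example, not from the original slides: a Python check that lists the permissions a decoded AndroidManifest.xml requests beyond these defaults (SMS, calls, start at boot) and, given a known-good manifest, which requests are new. It assumes the manifest has already been decoded to text XML (for example with Apktool, listed later in the deck); the package name and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names that lift the default restrictions listed above.
BEYOND_DEFAULT = {
    "android.permission.READ_SMS": "read SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.CALL_PHONE": "place calls",
    "android.permission.RECEIVE_BOOT_COMPLETED": "start at boot",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, baseline_xml=None):
    """Flag beyond-default permissions and, given a known-good manifest, new ones."""
    perms = requested_permissions(manifest_xml)
    report = {"beyond_default": {p: BEYOND_DEFAULT[p]
                                 for p in sorted(perms) if p in BEYOND_DEFAULT}}
    if baseline_xml is not None:
        report["added_vs_baseline"] = sorted(perms - requested_permissions(baseline_xml))
    return report

def _manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed inputs: a known-good build and a copy that asks for more.
KNOWN_GOOD = _manifest("com.example.game", ["android.permission.INTERNET"])
SUSPECT = _manifest("com.example.game", [
    "android.permission.INTERNET", "android.permission.READ_SMS",
    "android.permission.SEND_SMS", "android.permission.RECEIVE_BOOT_COMPLETED"])

if __name__ == "__main__":
    print(audit(SUSPECT, KNOWN_GOOD))
```

A copy of an app that requests SMS or boot permissions its known-good build never asked for deserves a closer look before it is installed.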

Darwin’s Theory!

Dalvik → ART

1.0 → 6.0

Less Secure → More Less Secure

Some Steps!

1. Select popular application.
2. Reverse Engineer it.
   a. Dex2jar
   b. Apktool
   c. Smali/Baksmali and many more..
3. Inject malicious code.
4. Distribute the app. (With new Certi)

Root?

But it’s not Free!

Dangers of Root!

● Isolation is gone!

● We have unknown code (Custom ROM)

● Permission Exploits

● Privacy! (Major)

Exploitation Frameworks

● AFE
● Santoku
● MSFvenom
● Androguard
● APKTool
● Dex2Jar

Security Checklist?

JQuery?
