Post on 03-Oct-2020
Introduction to Android Security
Agenda:
1: Admin stuff
2: Why this talk
3: Android security model
4: “Best” practices
5: Reverse engineer an app
6: QA
Admin stuff:
• You say what?
• .NET + Android + Web
• Independent contractor for DVT
• MSc Computer Science
• Toffie_cj@yahoo.com
• Give away
Why this talk:
• Get developers talking
• Android device increase
• Cybersecurity month
http://www.appbrain.com/stats/in-app-billing-android-applications
1 billion devices 2014
http://androidvulnerabilities.org/
Android security model:
Android framework
Android security model:
• Kernel security measures
• User based permissions
• Process isolation
• Secure IPC communication
“Best” practices:
• Data
• Internal data
• External data
• Content providers
“Best” practices:
• Permissions
• Demo
“Best” practices:
• Network
• Https
• Telephony
• Check user input
• WebView
• Handling credentials
• Cryptography
• IPC
• Obfuscate
• https://github.com/guardianproject/NetCipher
• https://github.com/rtyley/spongycastle/#downloads
• https://github.com/scottyab/secure-preferences
• Password-based encryption (PBE)
• SQLCipher
• Device Management
• Fast IDentity Online (FIDO) Alliance (https://fidoalliance.org/)
Reverse engineer an app:
• Money….
• ?!
Reverse engineer an app:
• Pull apk
• Rename .zip
• Unzip
• Classes.dex
• Apk tool
Reverse engineer an app:
• http://sourceforge.net/projects/paros/
• https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.
• https://nmap.org/
QA:
• Questions