Upload File

lifting all boats: getting developers to improve app security · lifting all boats: getting...

  • Home
  • Documents
  • Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
43
Lifting all boats: getting developers to improve app security

Upload: others

Post on 20-May-2020

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

Lifting all boats:getting developers to improve app security

Page 2: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

modern design with privacy is possible

Page 3: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

we put privacy first

Page 4: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

privacy through user experience

Page 5: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 6: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 7: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 8: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 9: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 10: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

there are many threats

Page 11: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

CipherKit libraries

Page 12: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

SQLCipher for Android

https://github.com/sqlcipher/android-database-sqlcipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 13: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 14: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 15: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

https://github.com/sqlcipher/android-database-sqlcipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 16: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

NetCipher

https://github.com/guardianproject/netcipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 17: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

NetCipher

• add TLSv1.2 on older devices

• good TLS settings on all devices

• easy Tor support

• simplified proxy support

• used in Facebook Android app

https://github.com/guardianproject/netcipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 18: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

StrongHttpsClient httpClient = new StrongHttpsClient(getApplicationContext());

ch.boye Apache HttpClient:

HttpsURLConnection connection = NetCipher.getHttpsURLConnection(“https://mysite.com”)

Android URLConnection:

compile 'info.guardianproject.netcipher:netcipher:1.2.1'

build.gradle:

https://mysite.com
https://mysite.com
Page 19: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

more APIs!

• OkHTTP / Retrofit 'info.guardianproject.netcipher:netcipher-okhttp3:2.0.0-alpha1'

• Google Volley

• 'info.guardianproject.netcipher:netcipher-volley:2.0.0-alpha1'

• Apache HttpClient for Android 'info.guardianproject.netcipher:netcipher-httpclient:2.0.0-alpha1'

https://github.com/guardianproject/netcipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 20: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

more proxying!

• Lantern

• Psiphon

• Meek and Tor Pluggable Transports

new proxies:

https://github.com/guardianproject/netcipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 21: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

IOCipher

https://github.com/guardianproject/iocipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 22: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

https://github.com/guardianproject/iocipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 23: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 24: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

https://github.com/guardianproject/iocipher

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 25: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

CacheWord

https://github.com/guardianproject/cacheword

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 26: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

The problem with app passwords

https://github.com/guardianproject/cacheword

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 27: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

CacheWord Solution

https://github.com/guardianproject/cacheword

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 28: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 29: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

https://articles.forensicfocus.com/2014/10/01/decrypt-wechat-enmicromsgdb-database/

do not use device IDs as passwords!

https://articles.forensicfocus.com/2014/10/01/decrypt-wechat-enmicromsgdb-database/
https://articles.forensicfocus.com/2014/10/01/decrypt-wechat-enmicromsgdb-database/
Page 30: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

PanicKit

https://github.com/guardianproject/panickit

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 31: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

PanicKit

https://github.com/guardianproject/panickit

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 32: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 33: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

TrustedIntents

https://github.com/guardianproject/trustedintents

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 34: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

is it really you?

• am I directing users to the real Orbot?

• did this file come from the real Google Drive?

• was this Intent from one of our own apps?

https://github.com/guardianproject/trustedintents

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 35: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

https://github.com/guardianproject/trustedintents

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 36: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

reproducible builds!

Page 37: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

XCodeGhost

• malware version of XCode inserted library

• 10s of millions of users received affected apps

• reproducible builds would have prevented this

• more info at https://reproducible-builds.org

https://reproducible
https://reproducible
Page 38: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

an community run Android app store that distributes verified Free Software

F-Droid

Page 39: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

fdroidserver tools

• makes reproducible builds trivial

• drozer scans for vulnerabilities

• libscout scans for old libs

• full, automated, secure build environment

• flexible automated signatures

Page 40: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

https://github.com/guardianproject

https://github.com/guardianproject/netcipher
https://github.com/guardianproject/netcipher
Page 41: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google
Page 42: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

Lifting all boats: getting developers to improve

app security

Hans-Christoph SteinerGuardian Project

[email protected]

mailto:[email protected]
mailto:[email protected]
Page 43: Lifting all boats: getting developers to improve app security · Lifting all boats: getting developers to improve app security . modern design with privacy is possible. ... • Google

To The Public Open House May 30 , 2017 · Sculling Boats Seasonal + Vistor Motor Boats Charter Boats Motor Boats Non-Mo- toized Boats PORT CREDIT MEMORIAL PARK (WEST) Lakeshore Rd

LIFTING ALL BOATS: Quality Improvement as a Means to Reducing Racial Health Disparities Anne Marie Murphy, PhD 1, Danielle Dupuy, MPH 2, Garth Rauscher,

DYNAMIC BOATS

Lifting Appliance Lifting Gear

Home | Euromoney - Sub-Saharan Africa Guide · 2013-07-08 · A rising tide appears to be lifting boats across the region. Economic, political and structural stability improved in

MANUAL PRO - 2 - Boats · The boats hull, ˜oor, all hull attachments and accessories, but not limited to, ˜oorboards. seats, rope holders, oar locks, oars, rope, air pump, lifting

Lifting & Spreader Beams€¦ · Lifting & Spreader Beams. Lifting & Spreader Beams

Ranger Boats | Bass Boats & Recreational Fishing Boats · leading manufacturer of quality fishing boats and your investment can, with care, retain its value while giving excellent

Building Boats

Motor boats

Boats Built by Beacon Park Boats

Developers Developers

Buy Boats, Sell Boats, Review Boats Cobia 344 CC: Fish ... · PDF file9/22/2014 Cobia 344 CC: Fish-Seeking Missile ... Buy Boats, Sell Boats, Review Boats Cobia 344 ... It’s a slice

Polish Motor Gun Boats and Torpedo Boats from WW2 histories/Polish-MTBsMGBs/Polish Motor Gun... · Polish Motor Gun Boats and Torpedo Boats from WW2 ... and three, (as Motor Gun Boats

Solar boats

Morningstar Boats - Morningstar Boats

Contents · fishing Boats Freshwater Boats Smaller freshwater boats, such as aluminum, jon boats and bass boats, range anywhere from 2.4 to 6 metres (8 to 20 feet). Which makes them

HERCULES MARINE LIMITED Boats, Offshore …...Updated January 2019 HERCULES MARINE LIMITED Boats, Offshore Supply Boats, Line Boats, Offshore Barges & Port Agents Email: [email protected]

Larson boats

Polish Motor Gun Boats and Torpedo Boats from WW2

Lifting Small Boats: The Rise of Water Trails Small Boats.pdf · Lifting Small Boats: The Rise of Water Trails California Trails and Greenways Conference Monterey April 19, 2017

CONNECTICUT GREEN BANK RISING TOGETHER 2018 …...made famous the phrase “a rising tide lifts all boats.” In the years since, some have said that this tide is not lifting all boats

Professional Rib Boats | VSR - Very Slender Rib | Coach Boats

Servicing of Inflatable Liferafts, Inflatable Boats, …...- 1 - MARINE GUIDANCE NOTE MGN 339 (M+F) Servicing of Inflatable Liferafts, Inflatable Boats, Rescue Boats, Fast Rescue Boats,

JTC Series Lifting Screw Jack,Lifting Screw Drive Spindle,Lifting Jack Gear,Screw Type Lifting Jacks,Jack Screw Assembly for Lifting,Lifting With Acme Jack Screws,Mechanical Lifting

Origami boats

LIFTING ALL BOATS? - Brown University2020/05/15  · Lifting all boats? Accomplishments and challenges from 20 years of education reform in Massachusetts. Providence, RI: Educational

Choose&Use Lifting Lifting Magnets

RESCUE BOAT...Rescue boat includes lifting eyes, foamed filled seats, foamed filled gunwale tubes and aluminum tread plate flooring ELEVATING BOATS LLC Corporate/EBI Liftboats, LLC

Boats Guide

Yes, we cover that! - American Modern Insurance Group · Air Boats / Fan Boats Cabin Cruisers House Boats Personal Watercraft Runabouts Sport Fishing Antique Boats Hovercrafts Pontoon

EXECUTIVE SUMMARY LIFTING ALL BOATS?...MCAS scores predict later outcomes. TERMINAL HIGH SCHOOL GRADUATES HIGH SCHOOL DROPOUTS $0 $10,000 $20,000 $30,000 $40,000 $50,000 $60,000 $70,000

Developers Developers Developers

Lund Boats - Aluminum Fishing Boats, Bass Boats ......that Shell Lake Boat Company discontinued the manufacturing of wooden strip boats. It is worth noting that many of those boats

CRESTLINER PREMIUM BOAT COVERS - DOWCO Inc....select Crestliner Boats with a walkthu windshield. Cover Support System. Integrated lifting straps & ratchet system. Straps Ensure Water