Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Guard your Android

Harsh Dattani
November 01, 2015
Programming
0
98

Guard your Android

A basic session for Android users Presented at GDG Baroda's DevFest 2015 on 1st Nov, 2015.
Androids have penetrated our life so deeply, we are now using Android for everything, let it be booking a movie, browsing a website, purchasing groceries, ordering food, and what not! In such a scenario, it is important for you to know, how you can stay safe while doing all these activities. Find out how you can make your Android device more secure, and more reliable.

Harsh Dattani

November 01, 2015
Tweet

More Decks by Harsh Dattani

See All by Harsh Dattani
Whats new in Android N
harshdattani
0
43
Developing Secure Android Application
harshdattani
2
350
Introduction to Material Design
harshdattani
3
160

Other Decks in Programming

See All in Programming
Content Security Policy入門 セキュリティ設定と 違反レポートのはじめ方 / Introduction to Content Security Policy Getting Started with Security Configuration and Violation Reporting
uskey512
1
440
弊社の「意識チョット低いアーキテクチャ」10選
texmeijin
5
23k
/←このスケジュール表に立ち向かう フロントエンド開発戦略 / A front-end development strategy to tackle a single-slash schedule.
nrslib
1
590
Universal Linksの実装方法と陥りがちな罠
kaitokudou
1
220
Android 15 でアクションバー表示時にステータスバーが白くなってしまう問題
tonionagauzzi
0
140
[PyCon Korea 2024 Keynote] 커뮤니티와 파이썬, 그리고 우리
beomi
0
110
Dev ContainersとGitHub Codespacesの素敵な関係
ymd65536
1
130
のびしろを広げる巻き込まれ力:偶然を活かすキャリアの作り方/oso2024
takahashiikki
1
410
推し活の ハイトラフィックに立ち向かう Railsとアーキテクチャ - Kaigi on Rails 2024
falcon8823
6
2.3k
WEBエンジニア向けAI活用入門
sutetotanuki
0
300
Honoの来た道とこれから
yusukebe
19
3.1k
C#/.NETのこれまでのふりかえり
tomokusaba
1
160

Featured

See All Featured
What's new in Ruby 2.0
geeforr
342
31k
Unsuck your backbone
ammeep
668
57k
Making Projects Easy
brettharned
115
5.9k
It's Worth the Effort
3n
183
27k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
328
21k
Designing on Purpose - Digital PM Summit 2013
jponch
115
6.9k
Building Your Own Lightsaber
phodgson
102
6.1k
Gamification - CAS2011
davidbonilla
80
5k
Designing for Performance
lara
604
68k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k

Transcript

  1. Stay Hungry, Stay Foolish! Stay Alert, Stay Safe! Om Shanti

  2. Aboutme.apk A Student and a Learner! Always! :P Harsh Dattani

    GDG Baroda

  3. We all know! • Fastest Growing Mobile Operating System •

    1.5 billion downloads a month and growing • Millions of Devices running this Operating System • Easy (Are you sure?) to Develop Applications • Open Source!

  4. What we Don’t know! • It’s easy to create malware

    and target Android. • Even “seem like trusty” app can be malicious. • It’s not that our data, but friend’s data is also important!

  5. Important Security Terms! • Assets • Vulnerabilities • Attack Vectors

    • Threats • Proactive Measures • Counter Measures • Patches • Malware

  6. Some Famous Android Malware • Fake Opera Browser • Fake

    Angry Bird Space • Droid Dream Malware • Blackmart • Cracked Apks • Battery Savers • And More...!

  7. Unix Security Policy 1. Process Isolation 2. Hardware Isolation 3.

    User Permission Model 4. R/W/X Permissions to file 5. Secure IPC

  8. Application Installation

  9. Android Security Policy 1. Application Isolation 2. Sandbox of Application

    3. Secure Communication 4. Signing the Application 5. Permission model of Application

  10. Virtualization

  11. Application Isolation • Each application has own GID/UID. • System

    apps also have own GID/UID. • Based on UNIX Security Model.

  12. Permission Policy (Default) • No app can Write other app

    data. • But can Read data, with due permission • Connect to network • Cannot Use Peripherals • Cannot Use System APIs to Read/Send SMS, Call.. • Cannot Load App on System Start

  13. Darwin’s Theory!

  14. Dalvik → ART

  15. 1.0 → 6.0

  16. Less Secure → More Less Secure

  17. Some Steps! 1. Select popular application. 2. Reverse Engineer it.

    a. Dex2jar b. Apktool c. Smali/Baksmali and many more.. 3. Inject malicious code. 4. Distribute the app. (With new Certi)

  18. Root?

  19. But it’s not Free!

  20. Dangers of Root! • Isolation is gone! • We have

    unknown code (Custom ROM) • Permission Exploits • Privacy! (Major)

  21. Exploitation Frameworks • AFE • Santoku • MSFvemon • Androguard

    • APKTool • Dex2Jar

  22. Security Checklist?

  23. JQuery?