Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Android Security Tips
Search
Merab Tato Kutalia
May 15, 2019
Technology
1
40
Android Security Tips
Android Security Tips
Merab Tato Kutalia
May 15, 2019
Tweet
Share
More Decks by Merab Tato Kutalia
See All by Merab Tato Kutalia
What's new in Android 14?
tatocaster
0
160
Migrate to Gradle version catalog and convention plugins
tatocaster
3
1.9k
Make Codebases Secure with OWASP
tatocaster
0
190
Secure Coding Standards
tatocaster
0
150
ტანგო ანდროიდთან
tatocaster
0
250
Adopting Huawei Mobile Services
tatocaster
0
58
Android UI Testing & Challenges
tatocaster
1
100
Reverse & Inject - droidcon
tatocaster
3
290
mobile DevOps
tatocaster
1
130
Other Decks in Technology
See All in Technology
サービスロボット最前線:ugoが挑むPhysical AI活用
kmatsuiugo
0
190
AIエージェント就活入門 - MCPが履歴書になる未来
eltociear
0
480
モダンな現場と従来型の組織——そこに生じる "不整合" を解消してこそチームがパフォーマンスを発揮できる / Team-oriented Organization Design 20250825
mtx2s
5
530
7月のガバクラ利用料が高かったので調べてみた
techniczna
3
360
生成AI利用プログラミング:誰でもプログラムが書けると 世の中どうなる?/opencampus202508
okana2ki
0
190
実践アプリケーション設計 ①データモデルとドメインモデル
recruitengineers
PRO
2
230
Claude Code x Androidアプリ 開発
kgmyshin
1
580
Yahoo!ニュースにおけるソフトウェア開発
lycorptech_jp
PRO
0
350
株式会社ARAV 採用案内
maqui
0
340
Devinを使ったモバイルアプリ開発 / Mobile app development with Devin
yanzm
0
190
広島発!スタートアップ開発の裏側
tsankyo
0
240
そのコンポーネント、サーバー?クライアント?App Router開発のモヤモヤを可視化する補助輪
makotot
4
440
Featured
See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.6k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.8k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
183
54k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
890
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Visualization
eitanlees
147
16k
Transcript
Android App Security Tips Merabi Kutalia
Tato Kutalia tatocaster tatocaster.me github.com/tatocaster twitter.com/@TatoKutalia
None
Topics • data storage • app permissions • networking •
webview(javascript) • dynamically loaded code
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17)
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17) •
External Storage is globally readable
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17) •
External Storage is globally readable • Scoped Storage(Android Q)
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17) •
External Storage is globally readable • Scoped Storage(Android Q) • Content Providers(Sql Injection)
data storage • Internal Storage(MODE_WORLD_WRITABLE (deprecated in API 17) •
External Storage is globally readable • Scoped Storage(Android Q) • Content Providers(Sql Injection) • Shared preferences + leak
app permissions • data leak caused by misused permissions
networking • HTTPS (it’s 2019!)
networking • HTTPS (it’s 2019!) • localhost! (https://twitter.com/ fs0c131y/status/1085460755313508352)
networking • HTTPS (it’s 2019!) • localhost! (https://twitter.com/ fs0c131y/status/1085460755313508352) •
GCM/FCM/SMS (Sensitive Data)
webview • setJavascriptEnabled - No!
webview • setJavascriptEnabled - No!
webview • setJavascriptEnabled - No! • webkit
dynamically loaded code • Yes you can (https://stackoverflow.com/q/ 6857807/6845290 )
Proguard/R8
Proguard • rules
Tools • Apktool • Dex2Jar • JD-GUI
Nomrebi .com
Nomrebi .com
None
Thank you