Android Security Tips
Merab Tato Kutalia
May 15, 2019
Technology
Transcript
Android App Security Tips
Merabi Kutalia
Tato Kutalia
tatocaster
tatocaster.me
github.com/tatocaster
twitter.com/@TatoKutalia

Topics
• data storage
• app permissions
• networking
• webview (javascript)
• dynamically loaded code

data storage
• Internal Storage (MODE_WORLD_WRITABLE, deprecated in API 17)
• External Storage is globally readable
• Scoped Storage (Android Q)
• Content Providers (SQL injection)
• Shared preferences + leak
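An added illustration, not code from the deck, for the "Content Providers (SQL injection)" point: a query() helper that passes the calling app's selection, projection and sort order straight to SQLite, beside the same query hardened with SQLiteQueryBuilder. The notes table, its columns and the ownerId parameter are assumptions.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteQueryBuilder;
import java.util.HashMap;
import java.util.Map;
// Added example, not code from the deck. Assumed schema: table "notes" with
// columns _id, owner and body, served to other apps by an exported provider.
public final class NotesQueries {
    private static final String TABLE = "notes";

    // VULNERABLE: in ContentProvider.query() everything except selectionArgs
    // is a SQL fragment chosen by the calling app. Passed through unchanged,
    // a caller can read any column (including "owner"), put arbitrary
    // expressions in WHERE/ORDER BY and bypass the provider's row filter.
    public static Cursor queryUnsafe(SQLiteDatabase db, String[] projection,
                                     String selection, String[] selectionArgs,
                                     String sortOrder) {
        return db.query(TABLE, projection, selection, selectionArgs,
                        null, null, sortOrder);
    }

    // HARDENED: strict mode makes the builder verify that the caller's
    // selection compiles as a parenthesized expression, the projection map
    // allow-lists readable columns, and the provider's own row filter is
    // bound as a "?" parameter. ownerId is whatever the provider derives
    // from the caller's identity (assumed; passed in for illustration).
    public static Cursor querySafe(SQLiteDatabase db, String ownerId,
                                   String[] projection, String selection,
                                   String[] selectionArgs, String sortOrder) {
        SQLiteQueryBuilder qb = new SQLiteQueryBuilder();
        qb.setTables(TABLE);
        qb.setStrict(true);                  // API 14+
        Map<String, String> allowed = new HashMap<>();
        allowed.put("_id", "_id");
        allowed.put("body", "body");         // "owner" stays internal
        qb.setProjectionMap(allowed);
        qb.appendWhere("owner = ?");         // ANDed with the caller's selection
        // sortOrder is still a raw fragment: allow-list it before use.
        return qb.query(db, projection, selection,
                        prepend(ownerId, selectionArgs), null, null, sortOrder);
    }

    // The "?" from appendWhere is bound first, so its value goes in front.
    private static String[] prepend(String first, String[] rest) {
        int n = rest == null ? 0 : rest.length;
        String[] out = new String[n + 1];
        out[0] = first;
        if (n > 0) System.arraycopy(rest, 0, out, 1, n);
        return out;
    }
}
```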
app permissions
• data leak caused by misused permissions

networking
• HTTPS (it's 2019!)
• localhost! (https://twitter.com/fs0c131y/status/1085460755313508352)
• GCM/FCM/SMS (sensitive data)

webview
• setJavascriptEnabled - No!
• webkit

dynamically loaded code
• Yes you can (https://stackoverflow.com/q/6857807/6845290)

Proguard/R8

Proguard
• rules

Tools
• Apktool
• Dex2Jar
• JD-GUI

Nomrebi.com

Thank you