Android Security Tips
Merab Tato Kutalia
May 15, 2019
Transcript
Android App Security Tips
Merabi Kutalia

Tato Kutalia (tatocaster)
tatocaster.me • github.com/tatocaster • twitter.com/@TatoKutalia

Topics
• data storage
• app permissions
• networking
• webview (javascript)
• dynamically loaded code

data storage
• Internal Storage (MODE_WORLD_WRITABLE, deprecated in API 17)
• External Storage is globally readable
• Scoped Storage (Android Q)
• Content Providers (SQL Injection)
• Shared preferences + leak

app permissions
• data leak caused by misused permissions

networking
• HTTPS (it’s 2019!)
• localhost! (https://twitter.com/fs0c131y/status/1085460755313508352)
• GCM/FCM/SMS (Sensitive Data)

webview
• setJavaScriptEnabled - No!
• webkit

dynamically loaded code
• Yes you can (https://stackoverflow.com/q/6857807/6845290)

Proguard/R8

Proguard
• rules

Tools
• Apktool
• Dex2Jar
• JD-GUI

Nomrebi.com

Thank you