Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Network_Security_in_Android.pdf
Search
ValentineRutto
November 16, 2019
Programming
77
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Network_Security_in_Android.pdf
ValentineRutto
November 16, 2019
More Decks by ValentineRutto
See All by ValentineRutto
Kickstarting your tech career
valentinerutto
1
61
The D in SOLID Principles
valentinerutto
0
240
Consuming Rest Api with retrofit in Android
valentinerutto
0
250
Exposing Network Result Status in MVVM
valentinerutto
0
110
Complex ui animation with Motion layout
valentinerutto
0
120
Tech Opportunities
valentinerutto
1
110
Android paging library
valentinerutto
0
280
Android Room persistence library
valentinerutto
0
180
UI/UX FOR MOBILE
valentinerutto
0
280
Other Decks in Programming
See All in Programming
LLMによるContent Moderationの本番運用の裏側と品質担保への挑戦
suikabar
3
830
Semantic Version 単位で戦略を柔軟に変えて、パッケージアップデートを自動化する
daitasu
1
340
なぜ関数型プログラミングで「型」と「証明」が語られるのか #fp_matsuri
kajitack
3
640
エンジニアと一緒にテストコードの設計と実装を改善した話
mototakatsu
0
250
1B+ /day規模のログを管理する技術
broadleaf
0
130
関数型プログラミングのメリットって何だろう?
wanko_it
0
150
SREの積み重ねがAI駆動開発のガードレールになった ― 7つの実践/SRE Guardrails The 7
tomoyakitaura
7
2.9k
初めてのKubernetes 本番運用でハマった話
oku053
0
120
フィードバックで育てるAI開発
kotaminato
1
110
【やさしく解説 設計編 #0】DDDのコード、読めるのに分からない人へ
panda728
PRO
2
230
TAKTでAI駆動開発の品質を設計する
j5ik2o
7
1.7k
Creating Composable Callables in Contemporary C++
rollbear
0
190
Featured
See All Featured
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
200
HDC tutorial
michielstock
2
730
Between Models and Reality
mayunak
4
360
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
35
3.5k
The Limits of Empathy - UXLibs8
cassininazir
1
400
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.3k
Abbi's Birthday
coloredviolet
3
8.5k
svc-hook: hooking system calls on ARM64 by binary rewriting
retrage
2
330
YesSQL, Process and Tooling at Scale
rocio
174
15k
Side Projects
sachag
455
43k
Optimising Largest Contentful Paint
csswizardry
37
3.8k
Rails Girls Zürich Keynote
gr2m
96
14k
Transcript
Network Security in Android
None
KOKO is mainstreaming liquid bio-ethanol cooking fuel as a fast,
safe and affordable alternative to dirty cooking fuels such as charcoal https://kokonetworks.com
Protecting your app from reverse engineering and man in the
middle attacks
SSL certificate pinning Obfuscation with proguard
SSL Certificate pinning Why SSL Certificate pinning? to prevent man
in the middle attack What is SSL? -Secure Socket Layer - its a protocol that has always been used to encrypt and secure transmitted data between server and client (website and browser).
SSL Certificate pinning What is ssl certificate pinning? is ensuring
that any client SSL request first validates that the server’s certificate exactly matches the bundle’s certificate previously stored in the application.
SSL Certificate pinning
SSL Certificate pinning What steps do we need? • Obtaining
a certificate for the desired host (preferably the whole certificate chain). • Pin the certificate to an instance of DefaultHttpClient
SSL Certificate pinning Get certificate public key from ssllabs This
is the hashed public key of the certificate
SSL Certificate pinning
SSL Certificate pinning
SSL Certificate pinning - Failure
Obfuscation What? -is a process of creating source code in
a form that is hard for human to understand. Why? To prevent reverse engineering To reduce your app size
1. Configure your gradle file (app/gradle) 2. Use default android
proguard rules or create your own 3. Edt your rules Obfuscation Steps
Obfuscated Code
Non-obfuscated code
Resources Proguard android ssl pinning practical proguard rules
Demo….!!!!!! Demo github link
Thank you !!