Droidcon Eastern Europe 2013 - How secure is an Android app
Insight into how safe the Romanian banking apps you use daily are. Even though this is meant to be a presentation, Marius will show you how you can secure your apps from curious eyes. The short presentation was given at IMworld 2013, and at Droidcon 2013 it was backed up with a workshop.

Transcript

  • 1. How secure is an Android app? by Marius Mailat
  • 2. Who is Marius?
  • 3. Who is Marius? 1 Founder of dev community - Androider 2 Android trainer - Marakana, Androider 3 Partner and CTO - Appseleration 4 Partner and co-founder - AppsRise.com
  • 4. Agenda
  • 5. Agenda 1 Last year's message vs this year's approach 2 How safe are your daily apps? 3 Dissect the most popular RO banking apps 4 Security guidelines for Android? 5 How to secure your Android apps?
  • 6. Last year's message vs this year's approach
  • 7. Last year's message vs this year's approach. Last year's message: You are a code artist! Programming as an intellectual activity allows you to create interactive art. This year's approach: You are a code artist, but your art is stolen! My code art was decompiled, repacked/altered with new code and sold as genuine art! I love my art, I hate thieves!
  • 8. How safe are your daily apps?
  • 9. How safe are your daily apps?
  • 10. Mobile threats on Android 1 Advertising over malware 2 Direct payoff SMS 3 Destructive attacks on sensitive data 4 Information scavengers 5 Premeditated spying on location and info
  • 11. Bu hu hu
  • 12. Dissect the most popular Android banking apps
  • 13. How to scoop inside of an Android app? 1 $ apktool d bank.apk 2 $ jar xvf bank.apk classes.dex 3 $ dex2jar.sh classes.dex 4 > open JD-GUI 5 Try alternatives: Dare, DED, dexdump etc.
  • 14. Do we have Romanian banking apps?
  • 15. Facts: Android banking apps
        Downloads        Comments   Rating   URL
        50,000-100,000   429        3,7      http://goo.gl/oV7Pl0
        10,000-50,000    749        3,8      http://goo.gl/8AVwS
        10,000-50,000    210        3,6      http://goo.gl/p8BRwK
        10,000-50,000    270        4,0      http://goo.gl/FDN0ox
        1,000-5,000      41         3,8      http://goo.gl/8FRN5q
        1,000-5,000      39         3,1      http://goo.gl/oQWbsM
        1,000-5,000      22         3,6      http://goo.gl/TLuHBk
        500-1,000        27         4,1      http://goo.gl/zpWLkP
  • 16. How I calculate the Bu hu hu score? Columns: DB, SSL, persistence, permissions, server, weird code. - - - + +- no fragments, old style code; almost weird - hybrid app, WebView with pre-Java code; totally weird - unsecure server, PHP, kind of a mix of weird & complex + own weird cache mechanism, no logging class, readable XML parsing done on table dance, ugly but nice; - + - - - - - - - - many libs, Bump lib :), hybrid again; - - again PhoneGap load HTML?!; - - a bad OTP bank, Cordova stuff - hybrid pseudo native. Bu hu hu score: 0 bad, 10 excellent.
  • 17. Security guidelines for Android?
  • 18. Security guidelines for Android apps? 1 Encrypt everything - DB, preferences ... 2 Password - salt 3 Secure server communication 4 Do not trust the server and the app! 5 Do not allow backup
  • 19. How to secure your Android apps?
  • 20. How to secure your Android apps. Your safer code art: security & code guidelines. Guidelines protect you? Your code art: serious painting skills with sensitive data. Protect the app: protect the resources, protect the database, protect the preferences, encrypt your binary. Bu hu hu magic via dex2jar and co.
  • 21. Thank you. Questions? Marius Mailat, marius.mailat@gmail.com
