Building secure android apps
Published in: Technology
Transcript

  • 1. Building Secure Android Apps Kaushal Bhavsar
  • 2. Who am I?
      • Kaushal Bhavsar
      • Founder & CEO, Pratikar Technologies
      • Visiting Faculty, Dept. of Computer Science, (Rollwala) – Network Security in MCA V
      • Pursuing PhD from CHARUSAT – Computer Security
  • 3. Know this App??
  • 4. Similar Apps: Super Guitar Solo, Super History Eraser, Falling Down, Super Ringtone Maker, Photo Editor, Chess, Falling Ball Dodge, 下坠滚球_Falldown
  • 5. Basics: Vulnerability, Risk, Threat
  • 6. Basics - II: Attack Surface, Defense-in-depth, Least Privilege
  • 7. Android Architecture: Your Apps, Application Framework, Native Libraries, Linux Kernel
  • 8. Android Security Model: Application Isolation, Application Signing, Filesystem Isolation
  • 9. Application Isolation
      • When an app is installed, it gets a new UID.
      • All data stored by that application is assigned that same UID.
      • All resources for that app are given full permissions for the app’s UID.
      • Different UIDs cannot access each other’s data.
  • 10. Filesystem Isolation
      • All data for the app is stored in /data/data/app_package_name
      • Only the UID for the specific app can access it
      • Apps with the same UID can access each other’s data
      • Root UID can access all apps’ data!
      • SD Card data is not protected!
      • Files created using apps MUST have appropriate permissions
  • 11. Data Security: Stored Data, Mobile Data
  • 12. Protecting Stored Data: Cryptography: Hashing, Encryption (Symmetric, Asymmetric)
  • 13. Protecting Mobile Data Figure from http://technet.microsoft.com
  • 14. Input Validation: Accept Known Good, Reject Known Bad
  • 15. Command Injection

        // Vulnerable: the untrusted userID is concatenated into the SQL text,
        // so the input can change the structure of the query itself.
        SQLiteDatabase db = dbHelper.getWritableDatabase();
        String userQuery = "SELECT lastName FROM useraccounts WHERE userID = "
                + request.getParameter("userID");
        SQLiteStatement prepStatement = db.compileStatement(userQuery);
        String userLastname = prepStatement.simpleQueryForString();

  • 16. 

        // Fixed: the SQL text is constant and the userID is bound to the
        // ? placeholder, so it is only ever treated as a value.
        SQLiteDatabase db = dbHelper.getWritableDatabase();
        String userQuery = "SELECT lastName FROM useraccounts WHERE userID = ?";
        SQLiteStatement prepStatement = db.compileStatement(userQuery);
        prepStatement.bindString(1, request.getParameter("userID"));
        String userLastname = prepStatement.simpleQueryForString();
  • 17. Thank you! kaushal@pratikar.com
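
The contrast between slides 15 and 16, together with the "accept known good" rule from slide 14, as an added example that is not part of the original deck. It uses Python's built-in sqlite3 module instead of the Android API so that it runs offline; the function names, the sample rows and the input `2 OR 1=1` are constructed for illustration, while the table and column names follow the slides.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows (not from the deck)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE useraccounts (userID INTEGER, lastName TEXT)")
    db.executemany(
        "INSERT INTO useraccounts VALUES (?, ?)",
        [(1, "Shah"), (2, "Patel"), (3, "Mehta")],
    )
    return db


def lookup_concatenated(db, user_id):
    """Slide 15 pattern: the input becomes part of the SQL text."""
    query = "SELECT lastName FROM useraccounts WHERE userID = " + user_id
    return [row[0] for row in db.execute(query)]


def lookup_bound(db, user_id):
    """Slide 16 pattern: constant SQL text, input bound as a value."""
    query = "SELECT lastName FROM useraccounts WHERE userID = ?"
    return [row[0] for row in db.execute(query, (user_id,))]


def lookup_validated(db, user_id):
    """Slide 14 'accept known good' check in front of the bound query."""
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        raise ValueError("userID must be 1 to 9 ASCII digits")
    return lookup_bound(db, int(user_id))


if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed input that is not a plain number
    # Concatenation: the WHERE clause is rewritten and every row matches.
    print("concatenated:", lookup_concatenated(db, crafted))
    # Binding: the whole string is compared as one value, so nothing matches.
    print("bound:       ", lookup_bound(db, crafted))
    # Validation: the input is rejected before any query is run.
    try:
        lookup_validated(db, crafted)
    except ValueError as err:
        print("validated:    rejected,", err)
```
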
