Avoiding the Pandora Pitfall

Avoiding the Pandora Pitfall: Secure Coding Practices for Android Application Privacy

Published in: Technology

Transcript

  • 1. Avoiding the Pandora Pitfall: Secure Coding Practices for Android Application Privacy. Tyler Shields, Veracode Research. November 3, 2011
  • 2. START 1. Mobile Security Landscape 2. Case Studies 3. Privacy Implications 4. Q&A END
  • 3. Risk (noun, \ˈrisk\): The possibility of loss or injury
  • 4. PC Sensitive Data: Financial data; Corporate data; Computing power; Email; Contact List; Photos; … Call Logs! Images! MMS! Video! SMS!
  • 5. Mobile Mitigations: Patch methodology; Process isolation; Reasonable permission model; Some disk encryption; Code signatures; … DEP! Anti-Virus!
  • 6. 10.9 billion mobile apps downloaded in 2010, according to IDC. Expected to rise to 76.9 billion apps by 2014
  • 7. Part 1: Malicious Code: Activity monitoring and data retrieval; Unauthorized dialing, SMS, and payments; Unauthorized network connectivity (exfiltration or command & control); UI impersonation; System modification (rootkit, APN proxy config); Logic or time bomb
  • 8. Part 2: Code Vulnerabilities: Sensitive data leakage (inadvertent or side channel); Unsafe sensitive data storage; Unsafe sensitive data transmission; Hardcoded password/keys
  • 9. Case Study: Hardcoded Passwords
  • 10. Hardcoded password or keys! Lazy shortcut – Debugging?!! Own one – Get ALL FREE!!
  • 11. Case Study: Unsafe Data Transmission
  • 12. Google Calendar! Transmitted in clear text appointment data! Official Facebook application! Transmitted everything except password in clear text! Photos, private messages, wall posts, etc! Even with Web-SSL Enabled!
  • 13. Or better yet… Just disable cert checking all together!!! As Seen In The WILD!
  • 14. Case Study: Unsafe Data Writes
  • 15. Improper Data Storage! Account Numbers, Bill Payments, Security Access Codes! WORLD_READABLE! WORLD_WRITEABLE!
  • 16. Improper Data Storage! SQLite3 Database! Contact List! Chat Logs! WORLD_READABLE! WORLD_WRITEABLE!
  • 17. Case Study: Data Exfiltration
  • 18. WSJ Breaks Story on Pandora Investigation “Federal prosecutors in New Jersey are investigating whether numerous smartphone applications illegally obtained or transmitted information about their users without proper disclosures”
  • 19. Static Analysis! No program execution! Full coverage of binary or source! Wider range of bug discovery! Not limited by runtime data! -- JD-GUI! -- Veracode Engine!
  • 20. JD-Gui Analysis
  • 21. AdMob Location Requests
  • 22. AdMob AndroidID Request
  • 23. Medialets Location Request
  • 24. Medialets AndroidID Requests
  • 25. SecureStudies getDeviceID Request
  • 26. Android Manifest Permissions: ACCESS_CHECKIN_PROPERTIES, ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, ACCESS_LOCATION_EXTRA_COMMANDS, ACCESS_MOCK_LOCATION, ACCESS_NETWORK_STATE, ACCESS_SURFACE_FLINGER, ACCESS_WIFI_STATE, ACCOUNT_MANAGER, AUTHENTICATE_ACCOUNTS, BATTERY_STATS, BIND_APPWIDGET, BIND_DEVICE_ADMIN, BIND_INPUT_METHOD, BIND_REMOTEVIEWS, BIND_WALLPAPER, BLUETOOTH, BLUETOOTH_ADMIN, BRICK, BROADCAST_PACKAGE_REMOVED, BROADCAST_SMS, BROADCAST_STICKY, BROADCAST_WAP_PUSH, CALL_PHONE, CALL_PRIVILEGED, CAMERA, CHANGE_COMPONENT_ENABLED_STATE, CHANGE_CONFIGURATION, CHANGE_NETWORK_STATE, CHANGE_WIFI_MULTICAST_STATE, CHANGE_WIFI_STATE, CLEAR_APP_CACHE, CLEAR_APP_USER_DATA, CONTROL_LOCATION_UPDATES, DELETE_CACHE_FILES, DELETE_PACKAGES, DEVICE_POWER, DIAGNOSTIC, DISABLE_KEYGUARD, DUMP, EXPAND_STATUS_BAR, FACTORY_TEST, FLASHLIGHT, FORCE_BACK, GET_ACCOUNTS, GET_PACKAGE_SIZE, GET_TASKS, GLOBAL_SEARCH, HARDWARE_TEST, INJECT_EVENTS, INSTALL_LOCATION_PROVIDER, INSTALL_PACKAGES, INTERNAL_SYSTEM_WINDOW, INTERNET, KILL_BACKGROUND_PROCESSES, MANAGE_ACCOUNTS, MANAGE_APP_TOKENS, MASTER_CLEAR, MODIFY_AUDIO_SETTINGS, MODIFY_PHONE_STATE, MOUNT_FORMAT_FILESYSTEMS, MOUNT_UNMOUNT_FILESYSTEMS, NFC, PERSISTENT_ACTIVITY, PROCESS_OUTGOING_CALLS, READ_CALENDAR, READ_CONTACTS, READ_FRAME_BUFFER, READ_HISTORY_BOOKMARKS, READ_INPUT_STATE, READ_LOGS, READ_PHONE_STATE, READ_SMS, READ_SYNC_SETTINGS, READ_SYNC_STATS, REBOOT, RECEIVE_BOOT_COMPLETED, RECEIVE_MMS, RECEIVE_SMS, RECEIVE_WAP_PUSH, RECORD_AUDIO, REORDER_TASKS, RESTART_PACKAGES, SEND_SMS, SET_ACTIVITY_WATCHER, SET_ALARM, SET_ALWAYS_FINISH, SET_ANIMATION_SCALE, SET_DEBUG_APP, SET_ORIENTATION, SET_PREFERRED_APPLICATIONS, SET_PROCESS_LIMIT, SET_TIME, SET_TIME_ZONE, SET_WALLPAPER, SET_WALLPAPER_HINTS, SIGNAL_PERSISTENT_PROCESSES, STATUS_BAR, SUBSCRIBED_FEEDS_READ, SUBSCRIBED_FEEDS_WRITE, SYSTEM_ALERT_WINDOW, UPDATE_DEVICE_STATS, USE_CREDENTIALS, USE_SIP, VIBRATE, WAKE_LOCK, WRITE_APN_SETTINGS, WRITE_CALENDAR, WRITE_CONTACTS, WRITE_EXTERNAL_STORAGE, WRITE_GSERVICES, WRITE_HISTORY_BOOKMARKS, WRITE_SECURE_SETTINGS, WRITE_SETTINGS, WRITE_SMS, WRITE_SYNC_SETTINGS
  • 27. Permissions! Phone Calls: Read Phone State and Identity. System Tools: Modify Global System Settings; Prevent Device From Sleeping; Bluetooth Administration; Change Wi-Fi State; Change Network Connectivity; Automatically Start at Boot. Network Communication: Full Internet Access; Create Bluetooth Connections; View Network State; View Wi-Fi State. Your Personal Information: Read Contact Data; Add or Modify Calendar Events and Send Email To Guests. https://market.android.com/details?id=com.pandora.android&feature=search_result – 4/25/2011
  • 28. Just a bit deeper… Google purchases AdMob for $750 million dollars. Closed May, 2010
  • 29. ESPN, CBS Interactive, Geico, Starbucks… 100,000 – 500,000 installations. Permissions: FINE (GPS) LOCATION; COARSE (NETWORK-BASED) LOCATION; FULL INTERNET ACCESS. 5,000,000 – 10,000,000 installations. Permissions: RECORD AUDIO; CHANGE YOUR AUDIO SETTINGS; FINE (GPS) LOCATION; COARSE (NETWORK-BASED) LOCATION; FULL INTERNET ACCESS; MODIFY/DELETE USB STORAGE CONTENTS, MODIFY/DELETE SD CARD CONTENTS; PREVENT DEVICE FROM SLEEPING. Permissions retrieved from official Android Marketplace on 4/25/2011
  • 30. CBS News Advertising Networks
  • 31. TV.com Advertising Networks
  • 32. One week later... 1. http://www.rollingstone.com/culture/blogs/gear-up/pandora-responds-to-claims-that-its-online-service-violates-user-privacy-20110415
  • 33. Privacy?
  • 34. Here are Some Numbers… 53,000 - # Of Applications Analyzed! ~48,000 Android Market! ~5,000 3rd Party Markets! Permissions Requested! 24% GPS information (11,929)! 8% Read Contacts (3,626)! 4% Send SMS (1,693)! 3% Receive SMS (1262)! 2% Record Audio (1100)! 2% Read SMS (832)! 1% Process Outgoing Calls (323)! .5% Use Credentials (248)! 3 Average Number of Permissions Requested! 117 Most Requested for Single Application!
  • 35. And Even More Numbers… Total Third Party Libraries: ~83,000!! Top Shared Libraries! 38% com.admob (18,426 apps)! 8% org.apache (3,684 apps)! 6% com.google.android (2,838 apps)! 6% com.google.ads (2,779 apps)! 6% com.flurry (2,762 apps)! 4% com.mobclix (2,055 apps)! 4% com.millennialmedia (1,758 apps)! 4% com.facebook (1,707 apps)!
  • 36. Code Reuse / Outsourcing / Third Party Libraries. Most Code Is: Reused! Outsourced! 3rd Party Libraries (with source)! 3rd Party Libraries (binary format)! Nobody really knows what their code does!!
  • 37. Risk Transference! Your code! Your libraries! Outsourced code! 3rd party libraries! Purchased code! COTS code! Contract your vendors to do the same! I’ll Accept that Risk! Pass it on over..
  • 38. Tyler Shields. @txs, tshields@veracode.com, txs@donkeyonawaffle.org. Summary. Mobile Security Landscape! Mobile Applications Are High Risk! Malicious Mobile Code. Mobile Coding Flaws! Case Studies! No Hardcoded Passwords! Encrypt Data In Transit! Secure Data At Rest! Analyze Security of ALL Code! (Includes Code Reuse)! Privacy! Only Take What You Need! Be Honest With Your Users! Be Wary of Risk Transference!
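
An added example, not from the slides and not the Veracode engine: a minimal static check over decompiled Java source for the flaw classes in the case studies and the identifier and location requests in the ad-library slides, with each hit attributed to the app's own package or to bundled third-party code. The package names `com.example.radio` and `com.example.adlib`, the regexes and the sample sources are constructed for illustration.

```python
import re

# Line-level patterns for flaw classes from the case-study and privacy slides.
# These regexes are assumptions of this example, not Veracode engine rules.
RULES = {
    "world-accessible storage": r"MODE_WORLD_(READABLE|WRITEABLE)",
    "certificate checking disabled": r"ALLOW_ALL_HOSTNAME_VERIFIER",
    "hardcoded password or key": r'(?i)(password|passwd|secret|api_?key)\w*\s*=\s*"[^"]+"',
    "device identifier read": r"getDeviceId\s*\(|Secure\.ANDROID_ID",
    "location read": r"getLastKnownLocation\s*\(|requestLocationUpdates\s*\(",
}
PACKAGE = re.compile(r"^\s*package\s+([\w.]+)\s*;", re.M)

def scan(sources, app_package):
    """Return sorted (owner, package, rule, line_no) for decompiled sources."""
    findings = []
    for text in sources.values():
        m = PACKAGE.search(text)
        pkg = m.group(1) if m else "(default)"
        own = pkg == app_package or pkg.startswith(app_package + ".")
        owner = "app" if own else "third-party"
        for no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                if re.search(pattern, line):
                    findings.append((owner, pkg, rule, no))
    return sorted(findings)

# Constructed sample input: hypothetical app and ad-library classes.
SAMPLE = {
    "com/example/radio/Store.java": '''package com.example.radio;
class Store {
    static final String API_PASSWORD = "letmein";
    void save(android.content.Context c) throws Exception {
        c.openFileOutput("acct.txt", android.content.Context.MODE_WORLD_READABLE);
    }
}''',
    "com/example/adlib/Tracker.java": '''package com.example.adlib;
class Tracker {
    String id(android.telephony.TelephonyManager tm) { return tm.getDeviceId(); }
    Object where(android.location.LocationManager lm) {
        return lm.getLastKnownLocation("gps");
    }
}''',
}

if __name__ == "__main__":
    for owner, pkg, rule, no in scan(SAMPLE, "com.example.radio"):
        print(f"{owner:12} {pkg:20} line {no}: {rule}")
```

Hits owned by `third-party` are the ones the app's permissions pay for without the developer having written them, so they are the first to review against what the app actually needs.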
