Zarafa SummerCamp 2012 - Android Workshop

Published in: Art & Photos, Technology
  • ZSC speakers / speakersonly
  • 2: We’ll be installing an app outside of Google Play (because we’re building it from source!); don’t forget to restore the setting after the workshop
  • Since then, all kinds of apps, from fun to impossible. Repudo: playful app (KLM Wereldweken, a unique song by Anouk, a free Android phone). Smart calls: an example of the impossible. Slechte Dekking: Android flexing its muscles
  • *) although most rooting methods install Superuser, an app that shows a permission prompt when a `su` command executes
  • David Poll (Parse.com): “Logcat is not a safe place to put sensitive data, but it's easy to mistakenly assume that only developers will see this.”
  • Audience: test any app that uses Facebook to log in (i.e. Facebook app)
  • Copy the link, don’t visit it! Don’t forget it’s ‘https’. Don’t forget the ‘.git’ at the end. Mind the capitalization.
  • Zarafa SummerCamp 2012 - Android Workshop

    1. Freek Kauffmann, Paul Lammertsma. Workshop: Build an app that reveals security holes on Android
    2. Before we start
       1. Connect to the open wireless network
       2. Android setting: allow non-market applications
       3. Download AIDE from Google Play
    3. APPS!
    4. Android
       • What are the security principles of Android?
         – POSIX based (Linux)
         – User IDs and File Access
         – Permissions
         – Application signing (identifies developer)
         – Sandboxing (application isolation)
    5. Android
       • Implications of rooting your device?
         – You can modify the Operating System
         – You can replace all applications
         – Access all application data
         – Grant/revoke permissions
         – Send data to and from the phone
       • Others (malicious software?) can do the same!*
    6. Android
       • Facebook SDK exploit (April, David Poll)
         – Logcat
         – Let’s hack this!
    7. We’ll make an app that…
       • Steals Facebook login from bonafide apps
         – Draw Something Free
         – Hootsuite
         – Facebook Marketplace (Oodle)
         – Soundhound
         – LauncherPro
         – Sleepy Jack
         – Airport City, Diamonds Blaze and others by Game Insight
    8. github: https://github.com/pflammertsma/FacebookThief.git
    9. https://github.com/pflammertsma/FacebookThief.git continues on next slide…
    10. Facebook Thief: Tap to enable the background service
    11. Freek Kauffmann (freek.kauffmann@itq.nl), Paul Lammertsma (paul@pixplicity.com)
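
The Logcat point on slide 6 and in David Poll's note can be checked from the app developer's side: capture logcat during a test run of your own app and fail the build if any line carries a credential. The sketch below is an added example, not code from the workshop or the FacebookThief repository. It assumes logcat's `threadtime` line layout and a hypothetical list of secret parameter names; the sample lines, tags, hosts and token values are constructed.

```python
import re

# logcat "threadtime" layout: date time pid tid level tag: message
LINE = re.compile(
    r"^(?P<date>\d\d-\d\d) (?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+(?P<tid>\d+) "
    r"(?P<level>[VDIWEF]) (?P<tag>[^:]*?)\s*: (?P<msg>.*)$"
)
# Parameter names treated as secrets (an assumption; extend for your app).
SECRET = re.compile(
    r"(?i)\b(access_token|refresh_token|password|client_secret|session_id)"
    r"(\s*[=:]\s*|%3D)([^\s&\"',;]+)"
)
BEARER = re.compile(r"(?i)\b(bearer)(\s+)([A-Za-z0-9._~+/-]{8,}=*)")

def redact(message):
    """Return message with every secret value replaced by a placeholder."""
    message = SECRET.sub(lambda m: m.group(1) + m.group(2) + "<redacted>", message)
    return BEARER.sub(lambda m: m.group(1) + m.group(2) + "<redacted>", message)

def audit(dump):
    """Return one finding per leaking line; values are never echoed back."""
    findings = []
    for number, raw in enumerate(dump.splitlines(), start=1):
        parsed = LINE.match(raw)
        if not parsed:
            continue  # banners such as "--------- beginning of main"
        msg = parsed["msg"]
        keys = sorted({m.group(1).lower() for m in SECRET.finditer(msg)}
                      | {"bearer" for _ in BEARER.finditer(msg)})
        if keys:
            findings.append({"line": number, "tag": parsed["tag"],
                             "level": parsed["level"], "keys": keys,
                             "redacted": redact(msg)})
    return findings

# Constructed sample: the tags, hosts and token values below are made up.
SAMPLE = """\
--------- beginning of main
08-15 14:02:10.101  2311  2311 I ExampleApp: login button tapped
08-15 14:02:11.120  2311  2330 D ExampleSdk: GET URL: https://graph.example.invalid/me?access_token=CONSTRUCTED0123456789&format=json
08-15 14:02:11.480  2311  2330 V ExampleHttp: Authorization: Bearer Q09OU1RSVUNURUQ.abc123
08-15 14:02:12.002  2311  2311 W ExampleApp: retrying request, attempt=2
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']} [{f['level']}/{f['tag']}] leaks {f['keys']}: {f['redacted']}")
```

The same `redact` function can wrap an app's own logging helper, so that a message is sanitized before it reaches the log.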
