Android security

Aims to raise awareness of mobile security and demonstrates how a PayPal application can be easily compromised (http://vimeo.com/28746669).

  1. Android Security. Leong Hean Hong, 2011-10-01, #geekcampsg
  2. Who Am I?
     • Name: Leong Hean Hong
     • Project manager in Stream Media Pte. Ltd.
     • Working on MoVend, a mobile commerce platform for Android, WP7, BlackBerry
     • Member of CodeAndroid Malaysia/Singapore
     • Interested in software security, Android, web development
     * Looking for passionate developers to work with
  3. Why Am I Here?
     • Raise awareness of Android security issues
     • Get developers to think about security before/during/after development
  4. Overview
     • Why should I be concerned?
     • Possible attacks
     • Illustration: APK reverse engineering
     • Demo
  5. How Are Apps Being Used?
     • Mobile banking (transaction info, transfer $, pay bills)
     • mCommerce (pay for services, purchase virtual/physical goods)
     • Access company resources (email, docs)
     • Access your data/services
  6. Possible Issues
     • Steal personal information
     • Steal money
     • Abuse service/system
     • Steal sensitive information
  7. Possible Attacks
     • Code modification
     • Social engineering
     • Monitor/tamper network packets
     • Monitor/tamper Android Intent
     • and much, much more
  8. Illustration: Reverse Engineering
     • "process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation." - http://bit.ly/qdBNOp
     • Tool:
       • android-apktool ( http://bit.ly/r2AI5R )
         • analyse APK, decode resource files, output smali ( http://bit.ly/pj7P47 ) code
         • generate APK from smali code + resource files
     • Demo Video:
       • http://vimeo.com/28746669
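
A defender-side check for the code modification that slide 8 describes, added here as an example and not taken from the slides: compare a suspect APK against the known-good release, entry by entry, and flag changed code and changed signer files. The function names and the two in-memory APKs are constructed for illustration.

```python
import hashlib
import io
import zipfile


def entry_digests(apk_bytes):
    """Map each entry in the APK (a ZIP archive) to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {name: hashlib.sha256(zf.read(name)).hexdigest()
                for name in zf.namelist() if not name.endswith("/")}


def compare_apks(reference, suspect):
    """Report how a suspect APK differs from the known-good release."""
    ref, sus = entry_digests(reference), entry_digests(suspect)
    differing = sorted(n for n in ref.keys() | sus.keys()
                       if ref.get(n) != sus.get(n))
    return {
        "differing": differing,
        "code_changed": any(n.endswith(".dex") for n in differing),
        "signer_files_changed": any(n.startswith("META-INF/") for n in differing),
    }


def make_apk(entries):
    """Build a minimal APK-shaped ZIP in memory (constructed sample only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: not real app code or real certificates.
REFERENCE = make_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-original",
    "META-INF/CERT.RSA": b"vendor-cert",
})
REPACKAGED = make_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex-modified",
    "META-INF/TESTKEY.RSA": b"other-cert",
})

if __name__ == "__main__":
    print(compare_apks(REFERENCE, REPACKAGED))
```

This only sees signature files stored as ZIP entries under META-INF/; later APK signature schemes keep the signature outside the ZIP entries, so a content diff like this complements the platform's signature verification and does not replace it.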
