SlideShare a Scribd company logo

Droid Hacking for the Innocent

K
kingsBSD

I which we explain how we taught Android app-reversal and analysis to inncocents who hadn't seen the shell before.

Mobile
1 of 10
Download to read offline
Droid Hacking for the Innocent Giles R. Greenway, Department of Digital Humanties @kingsBSD @SoBigData https://www.slideshare.net/kingsBSD
The Prologue: “Our Data Ourselves” Wrote “MobileMiner” Android app. Captures network sockets by scanning /proc. See “Mining Mobile Youth Cultures” and PyData London 2015 talk: http://tinyurl.com/miningmobile youthcultures https://youtu.be/hjjniizB794 This approach still works on unrooted Android N. (See NetMonitor by SECUSO Research Group.) https://github.com/SecUSo/privacy- friendly-netmonitor
The Prologue: “Our Data Ourselves” Observed apps, especially games, “phoning home” with unreasonable frequency. Decided to decompile the app, (TheLineKeepIn) found code from Umeng, Jpush and TenCent. Not really malware, just very obnoxious adware. Can non-experts be taught how to do this, and gain autonomy over their devices and data?
Can’t we just distribute Kali? Kali requires users to download the Android dev tools by themselves. Google prohibits distributing the binary. Get ADB via apt-get? -Not going to happen for novices. Even @evilsocket’s 101 tutorial is too difficult: https://www.evilsocket.net
The Droid Destruction Kit (DDK) Dockerized browser-based desktop with a set of app reversal and traffic capture tools. (Embed in VirtualBox.) Simple Zenity scripts to push/pull .apk packages. Distribute rooted ‘phones. “Press this button to Wireshark...” First used at KCL in 2015, with help from Darren Martyn and Mustafa Al- Bassam.
Don’t underestimate the value of learning. AndroidManifest.xml: “So these permissions are classed as dangerous?” “You can see which 3rd - parties are involved, but you can’t in the PlayStore?” Illustrate the general absurdity. (Press the build- number. Congratulations, you’re a ‘Droid dev!”
Reading Java is hard... ...but people will surprise you. Sometimes 2+2=4¼… (e.g. Facebook ReactJS CDN) Sometimes students teach you things.
Writing Java isn’t that hard! “Digital Ecosystems of Refugee Mobility” (http://tinyurl.com/kclderm) “The International Rescue Committee”
Things break. Thanks, Google...
@kingsBSD @SoBigData https://www.slideshare.net/kingsBSD https://github.com/kingsBSD

Recommended

FIT 1012 - Digg Presentation
FIT 1012 - Digg PresentationFIT 1012 - Digg Presentation
FIT 1012 - Digg Presentationcmnels
 
Privacy on the Series of Tubes of Things
Privacy on the Series of Tubes of ThingsPrivacy on the Series of Tubes of Things
Privacy on the Series of Tubes of ThingsEFF-Austin
 
Andersen Elementary Tech Safety 2015
Andersen Elementary Tech Safety 2015Andersen Elementary Tech Safety 2015
Andersen Elementary Tech Safety 2015Scott Burnett
 
Insect invasion Rules
Insect invasion RulesInsect invasion Rules
Insect invasion RulesKelly Ohlert
 
Pegasus Presentation Feb. 12, 2015
Pegasus Presentation Feb. 12, 2015Pegasus Presentation Feb. 12, 2015
Pegasus Presentation Feb. 12, 2015Scott Burnett
 
Feb 2014. Parenting in a cyber world
Feb 2014. Parenting in a cyber worldFeb 2014. Parenting in a cyber world
Feb 2014. Parenting in a cyber worldScott Burnett
 
IoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationIoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationChristopher Mohritz
 
Perfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywherePerfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywhere10x Nation
 

Recommended

FIT 1012 - Digg Presentation
FIT 1012 - Digg PresentationFIT 1012 - Digg Presentation
FIT 1012 - Digg Presentationcmnels
 
Privacy on the Series of Tubes of Things
Privacy on the Series of Tubes of ThingsPrivacy on the Series of Tubes of Things
Privacy on the Series of Tubes of ThingsEFF-Austin
 
Andersen Elementary Tech Safety 2015
Andersen Elementary Tech Safety 2015Andersen Elementary Tech Safety 2015
Andersen Elementary Tech Safety 2015Scott Burnett
 
Insect invasion Rules
Insect invasion RulesInsect invasion Rules
Insect invasion RulesKelly Ohlert
 
Pegasus Presentation Feb. 12, 2015
Pegasus Presentation Feb. 12, 2015Pegasus Presentation Feb. 12, 2015
Pegasus Presentation Feb. 12, 2015Scott Burnett
 
Feb 2014. Parenting in a cyber world
Feb 2014. Parenting in a cyber worldFeb 2014. Parenting in a cyber world
Feb 2014. Parenting in a cyber worldScott Burnett
 
IoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationIoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationChristopher Mohritz
 
Perfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywherePerfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywhere10x Nation
 
Intro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngIntro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngI am Cipher
 
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Giles Greenway
 
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)SERVICE DESIGN DAYS
 
MobileMiner and NervousNet
MobileMiner and NervousNetMobileMiner and NervousNet
MobileMiner and NervousNetkingsBSD
 
Android forensics
Android forensicsAndroid forensics
Android forensicsInfosys
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to ExploitationSatria Ady Pradana
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana
 
Sss14green Iotic Labs
Sss14green Iotic LabsSss14green Iotic Labs
Sss14green Iotic LabsJustin Hayward
 
Digital Footprint in our world
Digital Footprint in our worldDigital Footprint in our world
Digital Footprint in our worldJustino Lourenço
 
Secure Open Telephony Network Presentation at Hope 9
Secure Open Telephony Network Presentation at Hope 9Secure Open Telephony Network Presentation at Hope 9
Secure Open Telephony Network Presentation at Hope 9Mark Belinsky
 
Digital footprint@wse march13
Digital footprint@wse march13Digital footprint@wse march13
Digital footprint@wse march13Justino Lourenço
 
Smartphone Reporting Done Smarter
Smartphone Reporting Done SmarterSmartphone Reporting Done Smarter
Smartphone Reporting Done SmarterVictor Hernandez
 
Abusing mobilegames
Abusing mobilegamesAbusing mobilegames
Abusing mobilegamesナム-Nam Nguyễn
 
What's Your Digital IQ? Business Tech Trends & Applications by @PYMLIVE
What's Your Digital IQ? Business Tech Trends & Applications by @PYMLIVEWhat's Your Digital IQ? Business Tech Trends & Applications by @PYMLIVE
What's Your Digital IQ? Business Tech Trends & Applications by @PYMLIVEKristi Casey Sanders, CMP, CMM, DES, HMCC
 
What smartphones can teach futurists
What smartphones can teach futuristsWhat smartphones can teach futurists
What smartphones can teach futuristsDavid Wood
 
What Smartphones Can Teach Futurists
What Smartphones Can Teach FuturistsWhat Smartphones Can Teach Futurists
What Smartphones Can Teach FuturistsCynthia G. Wagner
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing BotBellaj Badr
 
Women security application
Women security applicationWomen security application
Women security applicationAkshay Surve
 
DeepFake_Seminar.pptx
DeepFake_Seminar.pptxDeepFake_Seminar.pptx
DeepFake_Seminar.pptxsandeshsb
 
ThingsConAMS 2017 - Mirko Ross - Internet of Shit Fails
ThingsConAMS 2017 - Mirko Ross - Internet of Shit FailsThingsConAMS 2017 - Mirko Ross - Internet of Shit Fails
ThingsConAMS 2017 - Mirko Ross - Internet of Shit FailsThingsConAMS
 
Crowds and Clouds
Crowds and CloudsCrowds and Clouds
Crowds and CloudskingsBSD
 
Toward a Mobile Data Commons
Toward a Mobile Data CommonsToward a Mobile Data Commons
Toward a Mobile Data CommonskingsBSD
 

More Related Content

Similar to Droid Hacking for the Innocent

Intro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngIntro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngI am Cipher
 
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Giles Greenway
 
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)SERVICE DESIGN DAYS
 
MobileMiner and NervousNet
MobileMiner and NervousNetMobileMiner and NervousNet
MobileMiner and NervousNetkingsBSD
 
Android forensics
Android forensicsAndroid forensics
Android forensicsInfosys
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to ExploitationSatria Ady Pradana
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceSatria Ady Pradana
 
Digital Footprint in our world
Digital Footprint in our worldDigital Footprint in our world
Digital Footprint in our worldJustino Lourenço
 
Secure Open Telephony Network Presentation at Hope 9
Secure Open Telephony Network Presentation at Hope 9Secure Open Telephony Network Presentation at Hope 9
Secure Open Telephony Network Presentation at Hope 9Mark Belinsky
 
Digital footprint@wse march13
Digital footprint@wse march13Digital footprint@wse march13
Digital footprint@wse march13Justino Lourenço
 
Smartphone Reporting Done Smarter
Smartphone Reporting Done SmarterSmartphone Reporting Done Smarter
Smartphone Reporting Done SmarterVictor Hernandez
 
What smartphones can teach futurists
What smartphones can teach futuristsWhat smartphones can teach futurists
What smartphones can teach futuristsDavid Wood
 
What Smartphones Can Teach Futurists
What Smartphones Can Teach FuturistsWhat Smartphones Can Teach Futurists
What Smartphones Can Teach FuturistsCynthia G. Wagner
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing BotBellaj Badr
 
Women security application
Women security applicationWomen security application
Women security applicationAkshay Surve
 
DeepFake_Seminar.pptx
DeepFake_Seminar.pptxDeepFake_Seminar.pptx
DeepFake_Seminar.pptxsandeshsb
 
ThingsConAMS 2017 - Mirko Ross - Internet of Shit Fails
ThingsConAMS 2017 - Mirko Ross - Internet of Shit FailsThingsConAMS 2017 - Mirko Ross - Internet of Shit Fails
ThingsConAMS 2017 - Mirko Ross - Internet of Shit FailsThingsConAMS
 

Similar to Droid Hacking for the Innocent (20)

Intro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web DesigninngIntro to Android, IOT, Hacking & Web Designinng
Intro to Android, IOT, Hacking & Web Designinng
 
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
Our Data, Ourselves: The Data Democracy Deficit (EMF CAmp 2014)
 
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)
Service Design Days 2017 - Keynote Jon Rogers (University of Dundee)
 
MobileMiner and NervousNet
MobileMiner and NervousNetMobileMiner and NervousNet
MobileMiner and NervousNet
 
Android forensics
Android forensicsAndroid forensics
Android forensics
 
From Reversing to Exploitation
From Reversing to ExploitationFrom Reversing to Exploitation
From Reversing to Exploitation
 
From Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in EssenceFrom Reversing to Exploitation: Android Application Security in Essence
From Reversing to Exploitation: Android Application Security in Essence
 
Sss14green Iotic Labs
Sss14green Iotic LabsSss14green Iotic Labs
Sss14green Iotic Labs
 
Digital Footprint in our world
Digital Footprint in our worldDigital Footprint in our world
Digital Footprint in our world
 
Secure Open Telephony Network Presentation at Hope 9
Secure Open Telephony Network Presentation at Hope 9Secure Open Telephony Network Presentation at Hope 9
Secure Open Telephony Network Presentation at Hope 9
 
Digital footprint@wse march13
Digital footprint@wse march13Digital footprint@wse march13
Digital footprint@wse march13
 
Smartphone Reporting Done Smarter
Smartphone Reporting Done SmarterSmartphone Reporting Done Smarter
Smartphone Reporting Done Smarter
 
Abusing mobilegames
Abusing mobilegamesAbusing mobilegames
Abusing mobilegames
 
What's Your Digital IQ? Business Tech Trends & Applications by @PYMLIVE
What's Your Digital IQ? Business Tech Trends & Applications by @PYMLIVEWhat's Your Digital IQ? Business Tech Trends & Applications by @PYMLIVE
What's Your Digital IQ? Business Tech Trends & Applications by @PYMLIVE
 
What smartphones can teach futurists
What smartphones can teach futuristsWhat smartphones can teach futurists
What smartphones can teach futurists
 
What Smartphones Can Teach Futurists
What Smartphones Can Teach FuturistsWhat Smartphones Can Teach Futurists
What Smartphones Can Teach Futurists
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing Bot
 
Women security application
Women security applicationWomen security application
Women security application
 
DeepFake_Seminar.pptx
DeepFake_Seminar.pptxDeepFake_Seminar.pptx
DeepFake_Seminar.pptx
 
ThingsConAMS 2017 - Mirko Ross - Internet of Shit Fails
ThingsConAMS 2017 - Mirko Ross - Internet of Shit FailsThingsConAMS 2017 - Mirko Ross - Internet of Shit Fails
ThingsConAMS 2017 - Mirko Ross - Internet of Shit Fails
 

More from kingsBSD

Crowds and Clouds
Crowds and CloudsCrowds and Clouds
Crowds and CloudskingsBSD
 
Toward a Mobile Data Commons
Toward a Mobile Data CommonsToward a Mobile Data Commons
Toward a Mobile Data CommonskingsBSD
 
Our Data Ourselves, Pydata 2015
Our Data Ourselves, Pydata 2015Our Data Ourselves, Pydata 2015
Our Data Ourselves, Pydata 2015kingsBSD
 
Research on Online Digital Cultures — Community Extraction from Twitter Netwo...
Research on Online Digital Cultures — Community Extraction from Twitter Netwo...Research on Online Digital Cultures — Community Extraction from Twitter Netwo...
Research on Online Digital Cultures — Community Extraction from Twitter Netwo...kingsBSD
 
Mobile Miner Installation
Mobile Miner InstallationMobile Miner Installation
Mobile Miner InstallationkingsBSD
 
Twitter Community Extraction by Markov Clustering
Twitter Community Extraction by Markov ClusteringTwitter Community Extraction by Markov Clustering
Twitter Community Extraction by Markov ClusteringkingsBSD
 

More from kingsBSD (6)

Crowds and Clouds
Crowds and CloudsCrowds and Clouds
Crowds and Clouds
 
Toward a Mobile Data Commons
Toward a Mobile Data CommonsToward a Mobile Data Commons
Toward a Mobile Data Commons
 
Our Data Ourselves, Pydata 2015
Our Data Ourselves, Pydata 2015Our Data Ourselves, Pydata 2015
Our Data Ourselves, Pydata 2015
 
Research on Online Digital Cultures — Community Extraction from Twitter Netwo...
Research on Online Digital Cultures — Community Extraction from Twitter Netwo...Research on Online Digital Cultures — Community Extraction from Twitter Netwo...
Research on Online Digital Cultures — Community Extraction from Twitter Netwo...
 
Mobile Miner Installation
Mobile Miner InstallationMobile Miner Installation
Mobile Miner Installation
 
Twitter Community Extraction by Markov Clustering
Twitter Community Extraction by Markov ClusteringTwitter Community Extraction by Markov Clustering
Twitter Community Extraction by Markov Clustering
 

Recently uploaded

CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceanilsa9823
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRnishacall1
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPsychicRuben LoveSpells
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Pooja Nehwal
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceanilsa9823
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7Pooja Nehwal
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 

Recently uploaded (7)

CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Saharaganj Lucknow best sexual service
 
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCRFULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
FULL ENJOY - 9999218229 Call Girls in {Mahipalpur}| Delhi NCR
 
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost LoverPowerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
Powerful Love Spells in Arkansas, AR (310) 882-6330 Bring Back Lost Lover
 
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
Call US Pooja 9892124323 ✓Call Girls In Mira Road ( Mumbai ) secure service,
 
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun serviceCALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
CALL ON ➥8923113531 🔝Call Girls Gomti Nagar Lucknow best Night Fun service
 
9892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x79892124323 | Book Call Girls in Juhu and escort services 24x7
9892124323 | Book Call Girls in Juhu and escort services 24x7
 
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 71 Noida Escorts >༒8448380779 Escort Service
 

Droid Hacking for the Innocent

  • 1. Droid Hacking for the Innocent Giles R. Greenway, Department of Digital Humanties @kingsBSD @SoBigData https://www.slideshare.net/kingsBSD
  • 2. The Prologue: “Our Data Ourselves” Wrote “MobileMiner” Android app. Captures network sockets by scanning /proc. See “Mining Mobile Youth Cultures” and PyData London 2015 talk: http://tinyurl.com/miningmobile youthcultures https://youtu.be/hjjniizB794 This approach still works on unrooted Android N. (See NetMonitor by SECUSO Research Group.) https://github.com/SecUSo/privacy- friendly-netmonitor
  • 3. The Prologue: “Our Data Ourselves” Observed apps, especially games, “phoning home” with unreasonable frequency. Decided to decompile the app, (TheLineKeepIn) found code from Umeng, Jpush and TenCent. Not really malware, just very obnoxious adware. Can non-experts be taught how to do this, and gain autonomy over their devices and data?
  • 4. Can’t we just distribute Kali? Kali requires users to download the Android dev tools by themselves. Google prohibits distributing the binary. Get ADB via apt-get? -Not going to happen for novices. Even @evilsocket’s 101 tutorial is too difficult: https://www.evilsocket.net
  • 5. The Droid Destruction Kit (DDK) Dockerized browser-based desktop with a set of app reversal and traffic capture tools. (Embed in VirtualBox.) Simple Zenity scripts to push/pull .apk packages. Distribute rooted ‘phones. “Press this button to Wireshark...” First used at KCL in 2015, with help from Darren Martyn and Mustafa Al- Bassam.
  • 6. Don’t underestimate the value of learning. AndroidManifest.xml: “So these permissions are classed as dangerous?” “You can see which 3rd - parties are involved, but you can’t in the PlayStore?” Illustrate the general absurdity. (Press the build- number. Congratulations, you’re a ‘Droid dev!”
  • 7. Reading Java is hard... ...but people will surprise you. Sometimes 2+2=4¼… (e.g. Facebook ReactJS CDN) Sometimes students teach you things.
  • 8. Writing Java isn’t that hard! “Digital Ecosystems of Refugee Mobility” (http://tinyurl.com/kclderm) “The International Rescue Committee”