
Is Your App Hackable for droidcon Berlin 2015

http://de.droidcon.com/session/your-app-hackable
https://dexprotector.com/

Published in: Software


  1. is your app hackable? from the dexprotector.com team, for droidcon Berlin 2015.
  2. hot topic 🔥
  3. is your app hackable? - yes.
  4. users with root
  5. the fun part: how to hack apps?
  6. quick check
     1. unzip your app_1.2.3.apk from
     2. copy some picture.png to assets
     3. zip & sign it back
     4. works? - yes.
  7. tools
     - apktool https://code.google.com/p/android-apktool/
     - dex2jar https://github.com/pxb1988/dex2jar
     - jadx https://github.com/skylot/jadx
     - Java Decompiler (jd-gui) https://github.com/java-decompiler/jd-gui
     - Androguard https://github.com/androguard/androguard
     - adb
  8. (image-only slide; no text extracted)
  9. the boring part: how to develop more secure apps?
  10. don't trust your app
     - process on the backend, as web developers do
     - move critical business logic to native code
     - use SSL
     - no plain-text data
     - minimize data stored on the device
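Slide 10 says "process on the backend as web developers do" and "don't trust your app". The following is an added example in Python (not code from the deck or from DexProtector) showing why: a premium flag the app keeps in its own storage is flipped by anyone with root (slide 4), while an entitlement that the backend decides and signs with a key the app never holds cannot be forged client-side. The key, user names and token format are constructed for the demo.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key. It lives only on the backend: anything shipped inside
# the APK can be read after unzipping, so a key in the app would protect nothing.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _canonical(claims):
    # Deterministic serialisation, so the MAC is always computed over the same bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":"))


def issue_entitlement(user, premium, now=None, ttl=3600):
    """Backend: decides the entitlement and signs it. The app only carries the token."""
    now = int(time.time()) if now is None else now
    body = _canonical({"user": user, "premium": premium, "exp": now + ttl})
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + mac


def backend_is_premium(token, now=None):
    """Backend: the only trusted decision point. Any tampering or expiry yields False."""
    now = int(time.time()) if now is None else now
    body, sep, mac = token.rpartition(".")
    if not sep:
        return False
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return False
    try:
        claims = json.loads(body)
    except ValueError:
        return False
    return bool(claims.get("premium")) and int(claims.get("exp", 0)) > now


def client_only_is_premium(prefs_json):
    """The anti-pattern: the app trusts a flag in its own (e.g. SharedPreferences) file."""
    return bool(json.loads(prefs_json).get("premium"))


def edit_prefs(prefs_json):
    """Simulate a user with root editing the app's private prefs file."""
    data = json.loads(prefs_json)
    data["premium"] = True
    return _canonical(data)


def edit_token(token):
    """Same edit applied to a stored backend token: the body is changed but the
    attacker cannot recompute the MAC without SERVER_KEY, so the old one stays."""
    body, _, mac = token.rpartition(".")
    data = json.loads(body)
    data["premium"] = True
    return _canonical(data) + "." + mac


if __name__ == "__main__":
    now = 1_700_000_000
    prefs = '{"premium": false, "user": "alice"}'
    print("client-side flag after root edit:", client_only_is_premium(edit_prefs(prefs)))
    token = issue_entitlement("alice", False, now)
    print("backend check after root edit:   ", backend_is_premium(edit_token(token), now))
```

The token body is deliberately not secret (it is integrity, not confidentiality, that decides who is premium); what matters is that the verification and the key stay on the server.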
  11. proguard is essential
     - open source: http://proguard.sourceforge.net/
     - shrinks and optimizes the code
     - renames classes, methods, etc.
  12. Security and Design: http://developer.android.com/google/play/billing/billing_best_practices.html
  13. Looks like you need an obfuscator…
  14. protection goals
     - have bytecode that is as hard to reverse engineer as possible
     - have a strong integrity protection mechanism in order to block repackaging
     - have data and resources encrypted
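Slide 6 walks through repackaging (unzip, add a file to assets, zip and sign it back) and slide 14 asks for an integrity mechanism that blocks exactly that. The block below is an added Python example, not code from the deck or from DexProtector: it performs the slide-6 repackaging on a constructed stand-in APK (an APK is just a zip, so placeholder entries suffice) and then runs a self-check against per-entry digests pinned at build time. The entry names and contents are constructed; signing is left out because a repackager simply signs with their own key.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for app_1.2.3.apk: the usual entry names with
# placeholder contents, not a real dex, manifest or resource table.
ORIGINAL_ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='com.example.app'/>",
    "classes.dex": b"dex\n035\x00" + b"\x00" * 32,
    "resources.arsc": b"\x02\x00\x0c\x00",
    "assets/config.json": b'{"api":"https://api.example.com"}',
}


def build_apk(entries):
    """Zip the given name -> bytes entries (unsigned; signing is out of scope here)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


def read_entries(apk_bytes):
    """Step 1 of the quick check: unzip everything into memory."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {info.filename: z.read(info) for info in z.infolist()}


def repackage(apk_bytes, extra_name, extra_data):
    """Steps 2-3: drop a file into the package and zip it back. A real attacker
    then signs with their own key (apksigner/jarsigner), which Android accepts
    for a fresh install."""
    entries = read_entries(apk_bytes)
    entries[extra_name] = extra_data
    return build_apk(entries)


def entry_digests(apk_bytes):
    """SHA-256 of every entry, keyed by name. Computed once at build time and
    pinned (slide 10 suggests native code as the place to keep such things)."""
    return {name: hashlib.sha256(data).hexdigest()
            for name, data in read_entries(apk_bytes).items()}


def integrity_violations(apk_bytes, pinned):
    """Runtime self-check against the pinned digests. Returns sorted
    (entry, reason) findings; an empty list means nothing was detected."""
    actual = entry_digests(apk_bytes)
    findings = []
    for name, digest in pinned.items():
        if name not in actual:
            findings.append((name, "missing"))
        elif actual[name] != digest:
            findings.append((name, "modified"))
    findings.extend((name, "added") for name in actual if name not in pinned)
    return sorted(findings)


def demo():
    """Run the quick check and the self-check; returns (clean findings, tampered findings)."""
    original = build_apk(ORIGINAL_ENTRIES)
    pinned = entry_digests(original)
    png_header = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16   # constructed picture.png stub
    tampered = repackage(original, "assets/picture.png", png_header)
    return integrity_violations(original, pinned), integrity_violations(tampered, pinned)


if __name__ == "__main__":
    clean, dirty = demo()
    print("original:  ", clean)
    print("repackaged:", dirty)
```

The caveat a practitioner will raise immediately: the check itself sits in the same package, so whoever can edit classes.dex can also remove it. That is why slide 14 pairs integrity protection with making the bytecode hard to reverse engineer, and why on a device the check should additionally compare the package's signing certificate rather than rely on file digests alone.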
  15. API_SECRET = "gamu".replace("g", "s").concat("rai") + "v" + "bilit".replace("i", "o").concat("e");
     use cryptography standards (string-building tricks like this are not encryption; anyone with a decompiler reads the result)
  16. mobile security market (tiers: basic, professional, enterprise)
     - class encryption
     - resource encryption
     - hiding of API calls
     - integrity protection
     - tamper detection
     - clone protection
     - root detection
     - mobile application/device management
     - rich policy control
     - custom business requirements
     - fingerprinting
     - integration with fraud monitoring systems
     - …
  17. quick check (recap)
     1. unzip your app_1.2.3.apk from
     2. copy some picture.png to assets
     3. zip & sign it back
     4. works?
  18. next steps
     - include security into your development workflow
     - do not trust your own app
     - use cryptography standards
     - stay informed: books, sessions, hacker tools
     contacts: @dexprotector, dexprotector@licelus.com // and my own: @kalabro, marshalkina@licelus.com
