Is Your App Hackable for droidcon Berlin 2015

1. is your app hackable? from dexprotector.com team for droidcon berlin 2015.
2. hot topic🔥
3. is your app hackable? - yes.
4. users with root
5. the fun part: how to hack apps?
6. quick check
   1. unzip your app_1.2.3.apk from
   2. copy some picture.png to assets
   3. zip & sign it back
   4. works? - yes.
7. tools
   - apktool https://code.google.com/p/android-apktool/
   - dex2jar https://github.com/pxb1988/dex2jar
   - jadx https://github.com/skylot/jadx
   - Java Decompiler https://github.com/java-decompiler/jd-gui
   - Androguard https://github.com/androguard/androguard
   - adb
8. 11
9. the boring part: how to develop more secure apps?
10. don't trust your app
    - process on the backend as web developers do
    - move critical business logic to native code
    - use SSL
    - no plain text data
    - minimize data stored on the device
11. proguard is essential, open source: http://proguard.sourceforge.net/
    - shrinks and optimizes the code
    - renames classes, methods, etc.
12. Security and Design, http://developer.android.com/google/play/billing/billing_best_practices.html
13. Looks like you need an obfuscator…
14. protection goals
    - Have bytecode as hard to reverse engineer as possible.
    - Have a strong integrity protection mechanism in order to block repackaging.
    - Have data and resources encrypted.
15. API_SECRET = "gamu".replace("g", "s").concat("rai") + "v" + "bilit".replace("i", "o").concat("e"); use cryptography standards
16. mobile security market (tiers: basic, professional, enterprise)
    - class encryption
    - resource encryption
    - hiding of API calls
    - integrity protection
    - tamper detection
    - clone protection
    - root detection
    - mobile application/device management
    - rich policy control
    - custom business requirements
    - fingerprinting
    - integration with fraud monitoring systems
    - …
17. quick check
    1. unzip your app_1.2.3.apk from
    2. copy some picture.png to assets
    3. zip & sign it back
    4. works?
18. next steps
    - include security into your development workflow
    - do not trust your own app
    - use cryptography standards
    - stay informed: books, sessions, hacker tools
    contacts: @dexprotector dexprotector@licelus.com // And my own @kalabro marshalkina@licelus.com
