Sales Contact: Jayson.Li@secneo.com or Nicole.Ban@secneo.com 
Dedicated to Mobile App Security
By Jayson Li 2014-11-25 www.secneo.com
About BANGCLE 
By Oct. 2014: 
240,000 Android Apps 
30,000 Mobile Developers 
300,000,000 Smartphones 
2010-5 series A round from IDG
2013-4 series B round from IDG, Redpoint
2014-5 series C round from SIG
• Certified Mobile Firewall Product Vendor in China
• IEEE ICSG member
• Member of ANVA
• Certified Android App Security Vendor in China
【Running Env. Security】 
VMware 
【App Security】 
BANGCLE 
【Device Security】 
Symantec, McAfee, Kaspersky
App Repack
• Change paid to free App
• Malicious App payment creation
• Virus injection
• Remove/bypass security setting
• Plugin illegal Ads
• Remove Ads
• Illegal App localization
Evaluation AppShield App Release App Monitor App Management Statistic/BI 
Before releasing security 
evaluation and shielding 
APP Distribution 
Management 
Programming 
Security 
Source 
Code 
Protection 
Phishing App Monitoring
App Management
• Data collection
• Environment monitor
• Security Early Warning
• Message Pushing
Penetration 
Report 
Code Auditing 
Report 
App 
Distribution 
Report 
Competitor 
Report 
Piracy 
Monitoring 
App Monitor/Early warning 
Assist to 
upload to 
download 
sites 
Pirated/phishing App Removing
Data Security 
Environment 
Security 
Business 
Security 
Storage 
Protection 
Data 
Protection 
Protocol 
Protection 
Environment 
Monitoring
Source Code Audit 
(White-box) 
App Penetration 
Service 
(Black-Box)
• Symmetric Encryption
• White-box cryptography + AES technology
• USA federal government standard
• IBM, Arxan, InterTrust etc.
Hack Technology: Reverse Engineering
Current Solution on Android Platform:
• Code obfuscation
Bangcle Defend Best Practices on Android:
• Code Encryption
  Anti Reverse Engineering
• App Integrity Check
  Anti tampering

Hack Technology: Debugging
Current Solution on Android Platform: N/A
Bangcle Defend Best Practices on Android:
• Anti-Debugging
  Low level trap detection
  Memory monitoring and detection
• Self Protection
  Reactivate when App is compromised

Hack Technology: Illegal Data Copy
Current Solution on Android Platform:
• Encryption key can easily be found by disassembling the APK
Bangcle Defend Best Practices on Android:
• Transparent Strong Encryption
  Combined with code encryption
  Encryption key secured by white-box technology
• Bind IMEI with encryption key
  Prevent data file being copied out
Mobile App Game Developers 
Black-Box 
Mobile Banking App Developers 
Cloud USA 
5 – 10 Minutes 
No code change needed 
Upload App 
Cloud Shielding (5-10 minutes) 
Download App 
Sign Apps -> Test -> Release
V0.5 
Code Obfuscation 
VS. 
JAVA Class 
Loader 
Competitors 
VS. 
JAVA VM 
VS. 
CPU VIM 
SO Protection 
Local Data Protection 
Unity Script Protection 
VS. 
BANGCLE
Crawlers 
Data Analysis 
Data 
Storage 
App Similarity 
Analysis Engine 
Report Generator 
APK 
310 Download 
site 
Information 
App Distribution Monitor Report 
Web
Secured Soft Keyboard 
SDK 
Anti-Game Cheats 
SDK
Question 1: What is AppShield's impact on App performance and compatibility?
Answer:
Results from over 30,000 Apps and 150 different smartphones in China, USA, EU, Japan, Korea, HK, TW:
• APK size increases 800k - 2000k, depending on the App and security level
• CPU usage increases 2% ~ 8%
• Memory usage increases 4% ~ 10%
• App start-up time increases 0.1s ~ 0.9s
• No compatibility issue for majority brand cellphones
• Supports ARM, x86
Question 2: How long will it take us to shield an App?
Answer:
Within 15 minutes. However, normal processing time is less than 10 minutes, including the virus scan service.
Question 3: Can you secure APK SO, log, audio and other resource files?
Answer: Yes. We can manually encrypt them.
Question 4: How can we try it?
Answer:
Yes. You can try a non-commercial version of AppShield at www.secneo.com or send your request to Jayson.li@secneo.com for a banking-grade security product and service.
• You spend millions on App security but still get hacked
• Your App has many users but few paying
• You spend more money on security issues than on paying third-party professionals
• Your developers spend more time on security than on writing code
• Your QA spends over 15% of testing time on App security
• You have to give up a million-dollar game design because of a game security control problem
• When you choose game engines, security is the top concern
• Your developers think they can defeat hackers
THANK YOU 

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 

Android App Security Solution

  • 1. Sales Contact: Jayson.Li@secneo.com or Nicole.Ban@secneo.com. Dedicated to Mobile App Security. By Jayson Li, 2014-11-25. www.secneo.com
  • 2. About BANGCLE. By Oct. 2014: 240,000 Android Apps; 30,000 Mobile Developers; 300,000,000 Smartphones. 2010-5 series A round from IDG; 2014-5 series C round from SIG. Certified Mobile Firewall Product Vendor in China; IEEE ICSG member; Member of ANVA; Certified Android App Security Vendor in China. 2013-4 series B round from IDG, Redpoint.
  • 3. 【Running Env. Security】 VMware; 【App Security】 BANGCLE; 【Device Security】 Symantec, McAfee, Kaspersky
  • 4. Change paid to free App Malicious App payment creation Virus injection Remove/bypass security setting App Repack Plugin illegal Ads Remove Ads Illegal App localization
  • 5. Evaluation AppShield App Release App Monitor App Management Statistic/BI Before releasing security evaluation and shielding APP Distribution Management Programming Security Source Code Protection Phishing App Monitoring App Management •Data collection •Environment monitor •Security Early Warning •Message Pushing Penetration Report Code Auditing Report App Distribution Report Competitor Report Piracy Monitoring App Monitor/Early warning Assist to upload to download sites Pirated/phishing App Removing Data Security Environment Security Business Security Storage Protection Data Protection Protocol Protection Environment Monitoring
  • 6. Source Code Audit (White-box) App Penetration Service (Black-Box)
  • 7. Symmetric Encryption; White-box cryptography + AES technology; USA federal government standard; IBM, Arxan, InterTrust etc.
  • 8. Hack Technology | Current Solution on Android Platform | Bangcle Defend Best Practices on Android. Reverse Engineering | Code obfuscation | Code Encryption (anti reverse engineering); App Integrity Check (anti tampering). Debugging | N/A | Anti-Debugging (low level trap detection; memory monitoring and detection); Self Protection (reactivate when App is compromised). Illegal Data Copy | Encrypt key can easily be found by disassembling the Apk | Transparent Strong Encryption (combined with code encryption; encrypt key secured by white-box technology); Bind IMEI with Encrypt key (prevent data file being copied out).
  • 9.
  • 10. Mobile App Game Developers Black-Box Mobile Banking App Developers Cloud USA 5 – 10 Minutes No code change needed Upload App Cloud Shielding (5-10 minutes) Download App Sign Apps -> Test -> Release
  • 11. V0.5 Code Obfuscation VS. JAVA Class Loader Competitors VS. JAVA VM VS. CPU VIM SO Protection Local Data Protection Unity Script Protection VS. BANGCLE
  • 12. Crawlers Data Analysis Data Storage App Similarity Analysis Engine Report Generator APK 310 Download site Information App Distribution Monitor Report Web
  • 13. Secured Soft Keyboard SDK Anti-Game Cheats SDK
  • 14.
  • 15.
  • 16. Question 1: What is AppShield's impact on App performance and compatibility? Answer: Results from over 30,000 Apps and 150 different smartphones in China, USA, EU, Japan, Korea, HK, TW: Apk size increases 800k - 2000k depending on App and security level; CPU usage increases 2% ~ 8%; Memory usage increases 4% ~ 10%; App start-up time increases 0.1s ~ 0.9s; no compatibility issues for the majority of cellphone brands; supports ARM, x86.
  • 17. Question 2: How long will it take us to shield an App? Answer: Within 15 minutes. However, normal processing time is less than 10 minutes, including the virus scan service. Question 3: Can you secure Apk SO, log, audio and other resource files? Answer: Yes. We can manually encrypt them. Question 4: How can we try it? Answer: Yes. You can try a non-commercial version of AppShield at www.secneo.com, or send your request to Jayson.li@secneo.com for a banking-grade security product and service.
  • 18. You spend millions on App security but still get hacked; Your App has many users but few paying; You spend more money on security issues than paying third party professionals; Your developers spend more time on security than writing code; Your QA spends over 15% of testing time on App security; You have to give up a million-dollar game design because of game security control problems; When you choose game engines, security is the top concern; Your developers think they can defeat hackers.
  • 19. THANK YOU Sales Contact: Jayson.Li@secneo.com or Nicole.Ban@secneo.com www.secneo.com