Android Security

Presentation By,
Midhun P G
8th Nov, 2013

WALK THROUGH

- Android Basics
  - Introduction
  - Versions
  - Android Stack
- Android Security Model
  - Application Sandboxing
  - Permission Model
- What is an Android application?
  - Application Components
  - Manifest file
  - Requesting Permissions
- Android more secure than iOS??
- Multiple Layers of Android security
- Android Malwares
- How effective are mobile anti-viruses
- Android Rooting
- Android Market
- Android Application Vulnerability Scanner Toolkit
- Open Security issues in Android platform
- Top 7 Vulnerabilities Android Application Developers May Jump Into

Android Basics
- There are 4 billion mobile phones among the 7 billion people in the world
- Android owns the crown among its competitors
- The use of smartphones for financial transactions and storing private information is increasing
- Losing a mobile phone is worse than losing a wallet
- Securing the data residing on mobile phones is of prime importance

- Android uses a kind of UNIX sandboxing method to run its applications
- Applications use IPC mechanisms to communicate with each other
- These IPC mechanisms use the concept of endpoints
- All the configuration parameters and the security parameters of an application are defined in a file called AndroidManifest.xml

ANDROID VERSIONS
ANDROID SOFTWARE STACK
Android Security Model


Unix Sandboxing
- Each application has its own user name and memory space
- One app cannot access the resources of another app

Android permission enforcement
Android permissions protect
-- Access to sensitive APIs
-- Access to content providers
-- Inter- and intra-application communication
WHAT IS AN ANDROID APPLICATION…?

- Android applications are composed of one or more application components
  - Activities
  - Services
  - Broadcast Receivers
  - Content Providers
- Each component performs a different role in the overall application behavior, and each one can be activated individually (even by other applications)
- The manifest file must declare all components in the application and should also declare all application requirements.

ACTIVITIES
SERVICES
BROADCAST RECEIVERS
CONTENT PROVIDERS
INTENTS & INTENT FILTERS
MANIFEST FILE
COMPONENT PERMISSION

- Components can be made accessible to other applications (exported) or be made private
  - Default is private
  - Converted to public when the component is registered to receive implicit intents
- Components can be protected by permission

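The export rule on this slide, as an added example that is not part of the original deck: a Python check that works out which components of a manifest end up public and reports those left without a protecting permission. The package, component names and sample manifest are constructed, and the launcher-activity exception is an assumption added to avoid an expected false positive.

```python
import xml.etree.ElementTree as ET
from collections import namedtuple

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
Finding = namedtuple("Finding", "kind name reason")

# Constructed sample manifest (not taken from any real application).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <permission android:name="com.example.notes.SYNC"
              android:protectionLevel="signature"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".EditNoteActivity"/>
    <receiver android:name=".CommandReceiver">
      <intent-filter>
        <action android:name="com.example.notes.COMMAND"/>
      </intent-filter>
    </receiver>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.notes.SYNC"/>
    <service android:name=".UploadService" android:exported="false">
      <intent-filter>
        <action android:name="com.example.notes.UPLOAD"/>
      </intent-filter>
    </service>
    <provider android:name=".NotesProvider"
              android:authorities="com.example.notes"
              android:exported="true"/>
  </application>
</manifest>
"""

def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))

def effective_exported(component):
    """Apply the slide's rule: an explicit android:exported wins; otherwise
    an <intent-filter> makes the component public; otherwise it is private.
    Not modelled: providers targeting API level 16 or lower default to exported."""
    explicit = _attr(component, "exported")
    if explicit is not None:
        return explicit.lower() == "true", "explicit"
    if component.find("intent-filter") is not None:
        return True, "intent-filter"
    return False, "default"

def is_guarded(component, application):
    """True if callers need a permission. A permission on <application>
    is the default for every component that sets none of its own."""
    perm = _attr(component, "permission") or _attr(application, "permission")
    if component.tag == "provider":
        # Providers can guard reads and writes separately; require both.
        read = _attr(component, "readPermission") or perm
        write = _attr(component, "writePermission") or perm
        return bool(read and write)
    return bool(perm)

def _is_launcher(component):
    """The MAIN/LAUNCHER activity has to be public, so it is not reported."""
    for flt in component.findall("intent-filter"):
        actions = {_attr(a, "name") for a in flt.findall("action")}
        cats = {_attr(c, "name") for c in flt.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            return True
    return False

def audit_manifest(xml_text):
    """Return a Finding for every exported component with no permission."""
    app = ET.fromstring(xml_text).find("application")
    findings = []
    if app is None:
        return findings
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported, reason = effective_exported(comp)
        if not exported or is_guarded(comp, app):
            continue
        if comp.tag == "activity" and _is_launcher(comp):
            continue
        findings.append(Finding(comp.tag, _attr(comp, "name"), reason))
    return findings

if __name__ == "__main__":
    for f in audit_manifest(SAMPLE_MANIFEST):
        print("%s %s is exported (%s) without a permission" % f)
```

The manifest inside an APK is stored as binary XML, so decode it to text first; Apktool, listed later in this deck, does that.
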
REQUESTING PERMISSIONS
Android more secure than iOS??
- Eric Schmidt made a comment that Android is more secure than iOS.
- The comment only prompted laughter from the crowd
- Google backed up their chairman, stating that only 0.001% of installed apps are malicious.
- They provided data for it.

Multiple Layers of Android security
Android Malwares
Android Is Secure...Users Aren't
- Google can't count malware it doesn't see
- Android has defenses...to protect itself, not your data
- Many of Android's defenses are bypassed with a few taps, or by users
  - unauthorized sources
  - Rooting
  - What else..?

How effective are mobile anti-viruses…?

- No, Mobile Anti-Malware Utilities for Android are Not Perfect, or Even the Same Protection You Get on the Desktop
- You can't just install a mobile security suite on your Android phone and assume you'll be safe regardless of what you do.
- The real weapon you have against Android malware is common sense.

How Do You Protect Yourself…?
LEARN TO TELL IF AN ANDROID APP IS MALWARE BEFORE YOU INSTALL IT

- Take a look at app store reviews
- Pay attention to the permissions an app requests
- Check the developer's other apps
- Don't install applications from unusual or suspicious sources
- Keep a close watch on SMS and data activity

ANDROID ROOTING

Android rooting is the process of allowing users of smartphones, tablets, and other devices running the Android mobile operating system to attain privileged control (known as "root access") within Android's subsystem.

GENERAL ROOTING TERMS
- Root
- ROM
- Kernel
- Flash
- Brick
- Bootloader
- Recovery
- ADB

"Rooting" vs. "jailbreaking"


In the tightly-controlled iOS world, technical restrictions prevent
- installing or booting into a modified or entirely new operating system (a "locked bootloader" prevents this)
- sideloading unsigned applications onto the device
- user-installed apps from having root privileges (they are run in a secure sandboxed environment)

Bypassing all these restrictions together constitutes the expansive term "jailbreaking" of Apple devices

Android Market
OPEN SECURITY ISSUES IN ANDROID PLATFORM

OPEN SECURITY ISSUES

- Malicious Applications
- Rooting Exploits
- SMS Fraud
- Rapid Malware Production

- Dynamic Analysis
- Sandbox
- Real-time Monitoring
- Mobile Specific Features

- Static Analysis
- Permissions
- Data Flow
- Control Flow

- Browser Attacks
- Phishing
- Click Through

- Mobile Botnets
- Epidemic Spread
- Attacking Network Services
- Tracking Uninfected Devices

- User Education
- Ignoring Permissions
- Phishing
- Improperly Rooting Devices
- Alternative Markets

OTHER OPEN PROBLEMS

- Hard to separate malicious code from benign
- Poor Application Verification
- Obfuscation
- Dynamic code loading
- Limited availability of tools
- Repackaging
- Resources for Understanding Android Security

TOP 7 VULNERABILITIES ANDROID APPLICATION DEVELOPERS JUMP INTO
- Unauthorized Intent Receipt
- Intent Spoofing
- Insecure Storage
- Insecure Network Communication
- SQL Injection
- Over Privileged Applications
- Persistent Messages: Sticky Broadcasts

SOME SOLUTIONS…
- Bouncer
- Taintdroid
- Droidbox
- Mercury Framework
- Androguard
- Apktool
- Dex2Jar
- Dexdump
- … and much more …

ANDROID APPLICATION VULNERABILITY SCANNER TOOLKIT

- Vulnerabilities in Android applications
  - Intent Spoofing (Confused-deputy Vulnerability)
  - Insecure Storage (Cross-application Data Stealing Vulnerability)
  - Over Privileged Applications
  - Debuggable Applications
- No tool available for finding and fixing vulnerabilities in Android applications
- Sensitive user data is getting leaked due to insecure applications


http://securityresearch.in/index.php/mobile/androidapplication-vulnerability-scanner-toolkit
SOME TIPS TO KEEP YOUR DATA SECURE

- Always use encryption (WhatsApp)
- Never download apps from unsolicited emails and texts (malware)
- Always check app permissions (confused-deputy attacks, malware)
- Monitor your data and messages
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 

Android security

  • 2. WALK THROUGH
      ◦ Android Basics: Introduction, Versions, Android Stack
      ◦ Android Security Model: Application Sandboxing, Permission Model
      ◦ What is an Android application?: Application Components, Manifest file, Requesting Permissions
      ◦ Android more secure than iOS??
      ◦ Multiple Layers of Android security
      ◦ Android Malwares
      ◦ How effective are mobile anti-viruses
      ◦ Android Rooting
      ◦ Android Market
      ◦ Android Application Vulnerability Scanner Toolkit
      ◦ Open Security issues in Android platform
      ◦ Top 7 Vulnerabilities Android Application Developers May Jump Into
  • 4.
      ◦ There are 4 billion mobile phones among 7 billion people in the world
      ◦ Android owns the crown among its competitors
      ◦ The use of smartphones for financial transactions and storing private information is increasing
      ◦ Losing a mobile phone is worse than losing a wallet
      ◦ Securing the data residing in mobiles is of prime importance.
  • 5.
      ◦ Android uses a kind of UNIX sandboxing method to run its applications
      ◦ Applications use IPC mechanisms to communicate with each other
      ◦ These IPC mechanisms use the concept of endpoints
      ◦ All the configuration parameters and the security parameters of an application are defined in a file called AndroidManifest.xml
  • 9.
      ◦ Unix Sandboxing
      ◦ Each application has its own user name and memory space
      ◦ One app cannot access the resources of another app
      ◦ Android permission enforcement
  • 12. Android permissions protect
      ◦ Access to sensitive APIs
      ◦ Access to content providers
      ◦ Inter- and intra-application communication
  • 13. What is an Android Application…?
  • 14. WHAT IS AN ANDROID APPLICATION…?
      ◦ Android applications are composed of one or more application components: Activities, Services, Broadcast Receivers, Content Providers
      ◦ Each component performs a different role in the overall application behavior, and each one can be activated individually (even by other applications)
      ◦ The manifest file must declare all components in the application and should also declare all application requirements.
  • 20. INTENTS & INTENT FILTERS
  • 22. COMPONENT PERMISSION
      ◦ Components can be made accessible to other applications (exported) or be made private
      ◦ Default is private
      ◦ Converted to public when the component is registered to receive implicit intents
      ◦ Components can be protected by permission
  • 24. Android more secure than iOS??
  • 26. Eric Schmidt made a comment that Android is more secure than iOS.
  • 27. The comment only prompted laughter from the crowd
  • 28.
      ◦ Google backed up their chairman, stating that only 0.001% of installed apps are malicious.
      ◦ They provided data for it.
  • 29. Multiple Layers of Android security
  • 34. Android Is Secure...Users Aren't
      ◦ Google can't count malware it doesn't see
      ◦ Android has defenses...to protect itself, not your data
      ◦ Many of Android's defenses are bypassed with a few taps, or by users: unauthorized sources, rooting, what else..?
  • 35. How effective are mobile anti-viruses…?
  • 36.
      ◦ No, Mobile Anti-Malware Utilities for Android are Not Perfect, or Even the Same Protection You Get on the Desktop
      ◦ You can't just install a mobile security suite on your Android phone and assume you'll be safe regardless of what you do.
      ◦ The real weapon you have against Android malware is common sense.
  • 37. How Do You Protect Yourself…?
  • 38. LEARN TO TELL IF AN ANDROID APP IS MALWARE BEFORE YOU INSTALL IT
      ◦ Take a look at app store reviews
      ◦ Pay attention to the permissions an app requests
      ◦ Check the developer's other apps
      ◦ Don't install applications from unusual or suspicious sources
      ◦ Keep a close watch on SMS and data activity
  • 40. Android rooting is the process of allowing users of smartphones, tablets, and other devices running the Android mobile operating system to attain privileged control (known as "root access") within Android's subsystem.
  • 41. GENERAL ROOTING TERMS
      ◦ Root
      ◦ ROM
      ◦ Kernel
      ◦ Flash
      ◦ Brick
      ◦ Bootloader
      ◦ Recovery
      ◦ ADB
  • 43. In the tightly controlled iOS world, technical restrictions prevent:
      ◦ installing or booting into a modified or entirely new operating system (a "locked bootloader" prevents this)
      ◦ sideloading unsigned applications onto the device
      ◦ user-installed apps from having root privileges (they are run in a secure sandboxed environment)
    Bypassing all these restrictions together constitutes the expansive term "jailbreaking" of Apple devices.
  • 45. OPEN SECURITY ISSUES IN ANDROID PLATFORM
  • 46. OPEN SECURITY ISSUES
      ◦ Malicious Applications: Rooting Exploits, SMS Fraud, Rapid Malware Production
      ◦ Dynamic Analysis: Sandbox, Real-time Monitoring, Mobile Specific Features
      ◦ Static Analysis: Permissions, Data Flow, Control Flow
      ◦ Browser Attacks: Phishing, Click Through
      ◦ Mobile Botnets: Epidemic Spread, Attacking Network Services, Tracking Uninfected Devices
      ◦ User Education: Ignoring Permissions, Phishing, Improperly Rooting Devices, Alternative Markets
  • 47. OTHER OPEN PROBLEMS
      ◦ Hard to separate malicious code from benign
      ◦ Poor Application Verification
      ◦ Obfuscation
      ◦ Dynamic code loading
      ◦ Limited availability of tools
      ◦ Repackaging
      ◦ Resources for Understanding Android Security
  • 48. TOP 7 VULNERABILITIES ANDROID APPLICATION DEVELOPERS JUMP INTO
      ◦ Unauthorized Intent Receipt
      ◦ Intent Spoofing
      ◦ Insecure Storage
      ◦ Insecure Network Communication
      ◦ SQL Injection
      ◦ Over Privileged Applications
      ◦ Persistent Messages: Sticky Broadcasts
  • 49. SOME SOLUTIONS…
      ◦ Bouncer
      ◦ Taintdroid
      ◦ Droidbox
      ◦ Mercury Framework
      ◦ Androguard
      ◦ Apktool
      ◦ Dex2Jar
      ◦ Dexdump
      ◦ … and much more …
  • 51.
      ◦ Vulnerabilities in Android applications: Intent Spoofing (Confused-deputy Vulnerability), Insecure Storage (Cross-application Data Stealing Vulnerability), Over Privileged Applications, Debuggable Applications
      ◦ No tool available for finding and fixing vulnerabilities in Android applications
      ◦ Sensitive user data is getting leaked due to insecure applications
  • 60. SOME TIPS TO KEEP YOUR DATA SECURE
      ◦ Always use encryption (whatsapp)
      ◦ Never download apps from unsolicited emails and texts (malware)
      ◦ Always check app permissions (confused-deputy attacks, malware)
      ◦ Monitor your data and messages
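
The export rule on slide 22 and the "Debuggable Applications" item on slide 51 can be checked mechanically against a manifest. The following is an added example, not part of the original slides: it assumes the manifest has already been decoded to text XML (for instance with Apktool, listed on slide 49), and the package and component names in the sample are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample: a decoded (text) manifest; package and component names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <application android:debuggable="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService"/>
    <receiver android:name=".SmsReceiver" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_RECEIVED"/></intent-filter>
    </receiver>
    <receiver android:name=".UploadReceiver">
      <intent-filter><action android:name="com.example.notes.UPLOAD"/></intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes" android:exported="true"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return (debuggable, findings): findings are exported components with no permission."""
    app = ET.fromstring(xml_text.strip()).find("application")
    debuggable = app.get(ANDROID_NS + "debuggable") == "true"
    findings = []
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        explicit = comp.get(ANDROID_NS + "exported")
        has_filter = comp.find("intent-filter") is not None
        # Rule from the slide: private by default, public once an intent filter is declared.
        exported = (explicit == "true") if explicit is not None else has_filter
        # A component-level permission overrides the application-level default.
        permission = comp.get(ANDROID_NS + "permission") or app.get(ANDROID_NS + "permission")
        if exported and not permission:
            how = "explicit" if explicit is not None else "implicit via intent-filter"
            findings.append((comp.tag, comp.get(ANDROID_NS + "name"), how))
    return debuggable, findings

if __name__ == "__main__":
    debuggable, findings = audit_manifest(SAMPLE_MANIFEST)
    print("debuggable:", debuggable)
    for tag, name, how in findings:
        print("exported, no permission: %s %s (%s)" % (tag, name, how))
```

The launcher activity is expected to appear in the findings, since it has to be reachable from outside the app; the unprotected receiver and provider are the entries that need review.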