Android Security Leong Hean Hong 2011-10-01 #geekcampsg
Who Am I?
- Name: Leong Hean Hong
- Project manager in Stream Media Pte. Ltd.
- Working on MoVend, a mobile commerce platform for Android, WP7, BlackBerry
- Member of CodeAndroid Malaysia/Singapore
- Interested in software security, Android, web development
* Looking for passionate developers to work with
Why Am I Here?
- Raise awareness of Android security issues
- Get developers to think about security before/during/after development
Overview
- Why should I be concerned?
- Possible attacks
- Illustration: APK reverse engineering
- Demo
How Are Apps Being Used?
- Mobile banking (transaction info, transfer $, pay bills)
- mCommerce (pay for services, purchase virtual/physical goods)
- Access company resources (email, docs)
- Access your data/services
Possible Issues
- Steal personal information
- Steal money
- Abuse service/system
- Steal sensitive information
Possible Attacks
- Code modification
- Social engineering
- Monitor/tamper network packets
- Monitor/tamper Android Intent
- and much, much more
Illustration: Reverse Engineering
- "process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation." - http://bit.ly/qdBNOp
- Tool: android-apktool ( http://bit.ly/r2AI5R )
  - analyse APK, decode resource files, output smali ( http://bit.ly/pj7P47 ) code
  - generate APK from smali code + resource files
- Demo Video: http://vimeo.com/28746669
