Leong Hean Hong, a project manager at Stream Media Pte. Ltd., discusses the importance of Android security, particularly for mobile commerce and banking applications. The presentation highlights potential security issues, including personal information theft and code modification attacks, and encourages developers to prioritize security throughout the app development process. Tools like android-apktool are introduced for reverse engineering APK files to analyze vulnerabilities.

1. Android Security Leong Hean Hong 2011-10-01 #geekcampsg

2. Who Am I? Name: Leong Hean Hong Project manager in Stream Media Pte. Ltd. Working on MoVend , an mobile commerce platform for Android, WP7, BlackBerry Member of CodeAndroid Malaysia/Singapore Interested in software security, Android, web development * Looking for passionate developers to work with

3. Why Am I Here? Raise awareness of Android security issues Get developers to think about security before/during/after development

4. Overview Why should I be concerned? Possible attacks Illustration: APK reverse engineering Demo

5. How Are Apps Being Used? Mobile banking (transaction info, transfer $, pay bills) mCommerce (pay for services, purchase virtual/physical goods) Access company resources (email, docs) Access your data/services

6. Possible Issues Steal personal information Steal money Abuse service/system Steal sensitive information

7. Possible Attacks Code modification Social engineering Monitor/tamper network packets Monitor/tamper Android Intent and much, much more

8. Illustration: Reverse Engineering "process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation." - http://bit.ly/qdBNOp Tool: android-apktool ( http://bit.ly/r2AI5R ) analyse APK, decode resource files, output smali ( http://bit.ly/pj7P47 ) code generate APK from smali code + resource files Demo Video: http://vimeo.com/28746669