Android security
-
Upload
hean-hong-leong -
Category
Technology
-
view
1.228 -
download
3
description
Transcript of Android security
Android Security
Leong Hean Hong2011-10-01
#geekcampsg
Who Am I?
• Name: Leong Hean Hong• Project manager in Stream Media Pte. Ltd.• Working on MoVend, an mobile commerce platform for
Android, WP7, BlackBerry• Member of CodeAndroid Malaysia/Singapore• Interested in software security, Android, web development
* Looking for passionate developers to work with
Why Am I Here?
• Raise awareness of Android security issues• Get developers to think about security before/during/after
development
Overview
• Why should I be concerned?• Possible attacks• Illustration: APK reverse engineering• Demo
How Are Apps Being Used?
• Mobile banking (transaction info, transfer $, pay bills)• mCommerce (pay for services, purchase virtual/physical
goods)• Access company resources (email, docs)• Access your data/services
Possible Issues
• Steal personal information• Steal money• Abuse service/system• Steal sensitive information
Possible Attacks
• Code modification• Social engineering• Monitor/tamper network packets• Monitor/tamper Android Intent• and much, much more
Illustration: Reverse Engineering
"process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation." - http://bit.ly/qdBNOp
Tool:• android-apktool (http://bit.ly/r2AI5R)
o analyse APK, decode resource files, output smali (http://bit.ly/pj7P47) code
o generate APK from smali code + resource filesDemo Video:• http://vimeo.com/28746669