I just hacked your app! - Marcos Placona - Codemotion Rome 2017
Transcript of I just hacked your app! - Marcos Placona - Codemotion Rome 2017
![Page 1: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/1.jpg)
I just hacked your app
![Page 2: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/2.jpg)
Watch this
![Page 3: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/3.jpg)
![Page 4: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/4.jpg)
PWNED
![Page 5: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/5.jpg)
Marcos Placona
@[email protected]/mplacona
androidsecurity.info
![Page 6: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/6.jpg)
NOT
![Page 7: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/7.jpg)
![Page 8: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/8.jpg)
![Page 9: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/9.jpg)
Suspendisse I haven’t nisl a ultricies semper. Cras really purus mollis vestibulum rhoncus. Sed hacked your orci, imperdiet vitae pharetra app, tincidunt laoreet lacus. Vivamus posuere nisl diam, ut efficitur mauris facilisis vehicula. Vestibulum risus velit, tincidunt a libero a, vestibulum tincidunt orci. Pellentesque in finibus est. Praesent tempus tortor ac magna iaculis, sed cursus quam venenatis. Quisque pharetra euismod auctor.
![Page 10: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/10.jpg)
Sue-y /s(j)uːi/
1. To become annoyed with someone who broke your toy without permission and want to sue them for that.
“Company X got all ‘sue-y’ on me when I hacked their app and showed the world”
![Page 11: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/11.jpg)
![Page 12: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/12.jpg)
![Page 13: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/13.jpg)
![Page 14: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/14.jpg)
Kuba Gretzki
http://bit.ly/hack4beer
![Page 15: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/15.jpg)
loyalty \ˈlȯi(-ə)l-tē\
![Page 16: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/16.jpg)
loyalty
+ =
![Page 17: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/17.jpg)
loyalty
HTTP Proxy
![Page 18: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/18.jpg)
```
POST /users/461845f5d03e6c052a43afbc/points
Accept: application/json
Accept-Language: en-gb
X-App-Version: 1.28.0
User-Agent: Dalvik/2.1.0 (Linux; U; Android 6.0.1;) ...
Content-Type: application/json; charset=UTF-8
Content-Length: 375
Host: api.eatapp.com
Connection: Keep-Alive
Accept-Encoding: gzip

{
  "authentication_token":"boKUp9vBHNAJp7XbWZCK",
  "latitude":...,
  "longitude":...,
  "point":{
    "isDoneByGesture":false,
    "main_beacon":{
      "major":38995,
      "minor":12702,
      "uuid":"2C75E74B-41B7-49E3-BD26-CE86B2F569F8"
    },
    "place_id":"450",
    "promoted_products_ids":[
      {"id":"647035946536601578040000"},
      {"id":"647035946536601578040000"},
      {"id":"647035946536601578050000"}
    ]
  }
}
```
![Page 19: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/19.jpg)
![Page 20: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/20.jpg)
![Page 21: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/21.jpg)
![Page 22: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/22.jpg)
![Page 23: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/23.jpg)
![Page 24: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/24.jpg)
stop!
![Page 25: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/25.jpg)
• Encrypt all the values
• Utilise security features when they exist
• Certificate pinning
• DO NOT TRUST THE DEVICE
![Page 26: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/26.jpg)
Encrypt all the values
```groovy
dependencies {
    compile 'com.scottyab:aescrypt:0.0.1'
}
```
```java
String password = "password";
String message = "hello world";
try {
    String encryptedMsg = AESCrypt.encrypt(password, message);
} catch (GeneralSecurityException e) {
    // handle error
}
```
```java
String password = "password";
String encryptedMsg = "2B22cS3UC5s35WBihLBo8w==";
try {
    String messageAfterDecrypt = AESCrypt.decrypt(password, encryptedMsg);
} catch (GeneralSecurityException e) {
    // handle error - could be due to incorrect password or tampered encryptedMsg
}
```
![Page 27: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/27.jpg)
Caveat: Your keys will end up in GitHub
![Page 28: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/28.jpg)
![Page 29: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/29.jpg)
Utilise security features when they exist
![Page 30: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/30.jpg)
![Page 31: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/31.jpg)
Certificate pinning
```java
String hostname = "publicobject.com";
CertificatePinner certificatePinner = new CertificatePinner.Builder()
        .add(hostname, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
        .build();
OkHttpClient client = new OkHttpClient.Builder()
        .certificatePinner(certificatePinner)
        .build();

Request request = new Request.Builder()
        .url("https://" + hostname)
        .build();
client.newCall(request).execute();
```
http://bit.ly/android-certificate-pinning
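How a pin such as the `sha256/...` string passed to `CertificatePinner` above is derived and matched, as an added example that is not from the talk or from OkHttp's own code. The names `PinDemo`, `pinFor` and `chainMatches` are hypothetical, and freshly generated EC keys stand in for the public keys of real certificates.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class PinDemo {

    // Pin format used by the slide: "sha256/" + Base64(SHA-256(SubjectPublicKeyInfo)).
    // For X.509-format public keys, getEncoded() returns the DER SubjectPublicKeyInfo.
    static String pinFor(PublicKey key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    // Simplified model of the pin check: a chain is accepted when at least
    // one public key in it hashes to one of the configured pins.
    static boolean chainMatches(List<PublicKey> chainKeys, Set<String> pins) throws Exception {
        for (PublicKey key : chainKeys) {
            if (pins.contains(pinFor(key))) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);

        // Constructed keys (assumptions for the demo, not real certificates).
        PublicKey serverLeaf = gen.generateKeyPair().getPublic();
        PublicKey serverIntermediate = gen.generateKeyPair().getPublic();
        PublicKey backupKey = gen.generateKeyPair().getPublic(); // kept offline for rotation
        PublicKey proxyLeaf = gen.generateKeyPair().getPublic(); // issued by a proxy's own CA
        PublicKey proxyCa = gen.generateKeyPair().getPublic();

        // Pin the intermediate plus a backup key, so that rotating the leaf
        // certificate does not lock existing app installs out of the API.
        Set<String> pins = new HashSet<>(Arrays.asList(
                pinFor(serverIntermediate), pinFor(backupKey)));

        System.out.println("pin to ship in the app: " + pinFor(serverIntermediate));
        System.out.println("genuine chain accepted: "
                + chainMatches(Arrays.asList(serverLeaf, serverIntermediate), pins));
        System.out.println("proxy chain accepted:   "
                + chainMatches(Arrays.asList(proxyLeaf, proxyCa), pins));
    }
}
```

On Android below API 26, `android.util.Base64` with `NO_WRAP` replaces `java.util.Base64`.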
![Page 32: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/32.jpg)
![Page 33: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/33.jpg)
![Page 34: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/34.jpg)
![Page 35: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/35.jpg)
Someone will decompile your app
![Page 36: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/36.jpg)
And when they do…
![Page 37: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/37.jpg)
“But I need magic strings”
–Every Developer
![Page 38: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/38.jpg)
Options
http://bit.ly/SafeKey
Encrypt: Make sure you encrypt or at least encode them
Server: Get your keys off a server you own
![Page 39: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/39.jpg)
Store in the NDK
http://bit.ly/NDKStorage
![Page 40: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/40.jpg)
start!
![Page 41: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/41.jpg)
• Add tampering detection
• Check your app’s signature
• Check for rooted device
• Check for emulator
• Check if the app is debuggable
![Page 42: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/42.jpg)
Tampering detection
```java
// myPackageName should decode at runtime to "com.yourpackagename"
// google should decode at runtime to "com.android.vending";
// amazon should decode at runtime to "com.amazon.venezia";

public boolean isHacked(Context context, String myPackageName, String google, String amazon) {
    // Crooks renamed your app?
    if (context.getPackageName().compareTo(myPackageName) != 0)
        return true; // BOOM!

    // Rogues relocated your app?
    String installer = context.getPackageManager().getInstallerPackageName(myPackageName);

    if (installer == null)
        return true; // BOOM!

    if (installer.compareTo(google) != 0 && installer.compareTo(amazon) != 0)
        return true; // BOOM!

    return false;
}
```
http://bit.ly/android-tampering-detection
![Page 43: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/43.jpg)
![Page 44: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/44.jpg)
![Page 45: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/45.jpg)
Check your app’s signature
```java
private static final int VALID = 0;
private static final int INVALID = 1;
// Expected digest of the release signing certificate
private static final String APP_SIGNATURE = "1038C0E34658923C4192E61B16846";

public static int checkAppSignature(Context context) {
    try {
        PackageInfo packageInfo = context.getPackageManager()
                .getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);

        for (Signature signature : packageInfo.signatures) {
            byte[] signatureBytes = signature.toByteArray();
            MessageDigest md = MessageDigest.getInstance("SHA");
            md.update(signatureBytes);
            // Hex-encode the digest (encoding assumed to match APP_SIGNATURE)
            StringBuilder currentSignature = new StringBuilder();
            for (byte b : md.digest()) {
                currentSignature.append(String.format("%02X", b));
            }
            // compare signatures
            if (currentSignature.toString().equals(APP_SIGNATURE)) {
                return VALID;
            }
        }
    } catch (Exception e) {
        // assumes an issue in checking signature, but we let the caller decide on what to do.
    }
    return INVALID;
}
```
http://bit.ly/AndroidTampering
![Page 46: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/46.jpg)
![Page 47: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/47.jpg)
Check for rooted device
```java
private static boolean canExecuteCommand(String command) {
    try {
        // The command is considered executable when it exits with status 0
        int exitValue = Runtime.getRuntime().exec(command).waitFor();
        return exitValue == 0;
    } catch (Exception e) {
        return false;
    }
}
```
![Page 48: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/48.jpg)
![Page 49: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/49.jpg)
Check for emulator
```java
Build.FINGERPRINT.startsWith("generic")
```
![Page 50: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/50.jpg)
![Page 51: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/51.jpg)
Check if the app is debuggable
```java
public static boolean isDebuggable(Context context) {
    return (context.getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;
}
```
![Page 52: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/52.jpg)
Debuggable app
![Page 53: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/53.jpg)
![Page 54: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/54.jpg)
Things to look at
• Protect your apps with tools like ProGuard and DexGuard.
• Look at the SafetyNet API by Google
• Implement Network Security Configuration
http://bit.ly/SafeKey
![Page 55: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/55.jpg)
ProGuard
• Installed by default
• Name Obfuscation
• Code Optimisation
• Removal of Redundant Code
• FREE
DexGuard
• Class Encryption
• Call Hiding through Reflection
• String Encryption
• Certificate Checks
• Debug Detection
• Emulator Detection
• Root Detection
• Tamper Detection
• Costs $$$
![Page 56: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/56.jpg)
![Page 57: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/57.jpg)
SafetyNet API by Google
![Page 58: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/58.jpg)
![Page 59: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/59.jpg)
Network Security Configuration
![Page 60: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/60.jpg)
![Page 61: I just hacked your app! - Marcos Placona - Codemotion Rome 2017](https://reader034.fdocuments.in/reader034/viewer/2022050714/58e4a1c61a28aba3458b61f7/html5/thumbnails/61.jpg)