building secure android apps

Post on 06-May-2015


Building Secure Android Apps

Kaushal Bhavsar

Who am I?

• Kaushal Bhavsar
• Founder & CEO, Pratikar Technologies
• Visiting Faculty, Dept. of Computer Science, (Rollwala) – Network Security in MCA V
• Pursuing PhD from CHARUSAT – Computer Security

Know this App?

Similar Apps

Falling Down Super Guitar Solo

Super History Eraser

Photo Editor Super Ringtone Maker Chess

下坠滚球_Falldown

Falling Ball Dodge

Basics

Vulnerability

Threat

Risk

Basics - II

Attack Surface

Defense-in-depth

Least Privilege

Android Architecture

Linux Kernel

Native Libraries

Application Framework

Your Apps

Android Security Model

Application Isolation

Application Signing

Filesystem Isolation

Application Isolation

• When an app is installed, it gets a new UID.
• All data stored by that application is assigned that same UID.
• All resources for that app are given full permissions for the app’s UID.
• Different UIDs cannot access each other’s data.

Filesystem Isolation

• All data for the app is stored in /data/data/app_package_name
• Only the UID of that specific app can access it.
• Apps sharing the same UID can access each other’s data.
• The root UID can access all apps’ data!
• SD Card data is not protected!
• Files created by apps MUST have appropriate permissions.

Data Security

Stored Data

Mobile Data

Protecting Stored Data

Cryptography
  Hashing
  Encryption
    Symmetric
    Asymmetric

Protecting Mobile Data

Figure from http://technet.microsoft.com

Input Validation

Accept Known Good

Reject Known Bad

Command Injection

Vulnerable (string concatenation):

// The untrusted userID parameter is pasted into the SQL text, so its
// content can change the structure of the query, not just its value.
SQLiteDatabase db = dbHelper.getWritableDatabase();
String userQuery = "SELECT lastName FROM useraccounts WHERE userID = " + request.getParameter("userID");
SQLiteStatement prepStatement = db.compileStatement(userQuery);
String userLastname = prepStatement.simpleQueryForString();

Fixed (parameterized statement):

// The '?' placeholder keeps the SQL text constant; the value is bound
// separately and is always treated as data, never as SQL.
SQLiteDatabase db = dbHelper.getWritableDatabase();
String userQuery = "SELECT lastName FROM useraccounts WHERE userID = ?";
SQLiteStatement prepStatement = db.compileStatement(userQuery);
prepStatement.bindString(1, request.getParameter("userID"));
String userLastname = prepStatement.simpleQueryForString();
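The two snippets above, run against real data, as an added example that is not from the slides: Python's sqlite3 module stands in for Android's SQLiteDatabase (same '?' binding), and the allowlist check implements the "Accept Known Good" slide in front of the bound query. The table name and sample rows are constructed for the demonstration.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data: two accounts in an in-memory SQLite database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE useraccounts (userID INTEGER PRIMARY KEY, lastName TEXT)")
    db.executemany("INSERT INTO useraccounts VALUES (?, ?)",
                   [(1, "Bhavsar"), (2, "Patel")])
    return db


def lookup_vulnerable(db, user_id):
    # Mirrors the first slide snippet: the caller-supplied string becomes part
    # of the SQL text, so it can change the WHERE clause itself.
    query = "SELECT lastName FROM useraccounts WHERE userID = " + user_id
    row = db.execute(query).fetchone()
    return row[0] if row else None


def lookup_parameterized(db, user_id):
    # Mirrors the second slide snippet: '?' placeholder, value bound at
    # execution time, so the input is compared as a value and nothing more.
    query = "SELECT lastName FROM useraccounts WHERE userID = ?"
    row = db.execute(query, (user_id,)).fetchone()
    return row[0] if row else None


USER_ID_PATTERN = re.compile(r"[0-9]{1,9}")


def validate_user_id(raw):
    # "Accept known good": a user ID is only ever a short run of digits.
    # Anything else is rejected before it reaches the database layer.
    if not USER_ID_PATTERN.fullmatch(raw):
        raise ValueError("invalid userID: %r" % raw)
    return int(raw)


def lookup_defended(db, raw_user_id):
    # Defense-in-depth: validate at the trust boundary, then bind the value.
    return lookup_parameterized(db, validate_user_id(raw_user_id))
```

With the input "0 OR 1=1", the concatenated query silently returns the first account in the table, while the bound query returns nothing and the validated path refuses the input outright.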

Thank you!

kaushal@pratikar.com
