Droidcon India 2012

India's largest Android Conference

The Real Incident of Stealing a Droid App+Data in daytime

Submitted by Akash Mahajan (@makash) on Monday, 3 September 2012

Section: General Topics Technical level: Beginner Session type: Lecture

View proposal in schedule

Abstract

Attend this session if you

  • are building Android apps and worry about it being stolen for piracy etc.
  • are building Android apps and store sensitive information in the app.
  • are tasked with testing the security of your Android application
  • are interested in a real world case study of a 'secure' app mayn't be as secure as you think it is.
  • are interested in a simple checklist to secure your Android app.

Outline

This is a beginner level talk/lecture about how we managed to steal data, bypass security controls and steal the source code of an Android application which was supposed to be secure.

Technically what we managed to do isn't ground breaking, but due to a combination of reasons we were able to radically change the security of the Android app for the better.

Requirements

Mandatory

An open mind, a sense of humour.

Good To Have

  • Interest in Android security
  • Interest in developing secure Android apps
  • Interest in business models of Android apps

Speaker bio

I used to freelance as a Web Application Security Consultant. Now I run my Application Security Company with special focus on Web and Mobile applications.

I help companies become secure by helping them understand approaches to security for the platform, security best practices and most importantly spreading the message that being secure is much cheaper than being insecure.

Among other things I am the co-founder+Community Manager for "null - The Open Security Community" and OWASP Bangalore

Website | @makash | Linkedin | Slideshare

Links

Slides

http://www.slideshare.net/akashm/the-real-incident-of-stealing-a-droid-appdata

Comments

Login with Twitter or Google to leave a comment