Securing User & Android Data
Submitted by srinivas kodali (@iotakodali) on Sunday, 19 October 2014
Section: Security – full talks
Technical level: Intermediate
A lot of existing apps do not use any form of security measures while storing user/app data or while consuming APIs over the network. The main objective is to help developers guard their apps against penetration attacks and secure their proprietary data.
The talk will focus on the following aspects.
1) Reverse Engineering and Code Obfuscation
2) Securing Disk Storage (Offline Data/Keys)
3) Secure Communication over HTTPS (Secure API)
4) Demos of various attacks (Penetration Testing)
If the backbone of your application is proprietary data and you value user privacy, this talk is for you.
Security is a major issue for users and Android applications; most developers ignore it at the start, and it comes back to haunt you.
The talk will focus on a few major Android security bugs and exploits which a developer must know to secure an application. The focus will be on disk encryption and root access, and will then shift to secure communications for your APIs. I will end the talk showing some demos of how day-to-day apps are not secure enough. I will focus on why you need to store data securely in SharedPrefs and SQLite, and also use HTTPS everywhere.
Additionally, I will also talk about how one can secure the app and kill a particular version when your security is compromised.
Securing the Android OS is not in the scope of the talk. The talk is about knowing the issues and making your application secure.
You cannot steal data that does not exist. But for the rest there are security hacks.
I am Srinivas Kodali, a polyglot programmer working on transportation applications for the past 2 years. I try to solve civic issues using technology. I am part of the open-access movement in India and try to make public data available for research. I am a speaker at meetups on open data and urban transport.
I am working with the chaloBEST project to help improve public transport. For me, Android is the best way of information dissemination to solve civic issues and engage communities. I see a lot of security issues with sensitive data, especially in Govt. and multi-crore company applications, in my line of work.