Droidcon India 2014

Indian firms are reallly proud of their mobile apps, yet they dont realize how easy it is to reverse engineer one especially when you dont bother about the security. Indian app ecosystem is highly vulnerable to attacks and these firms dont have any intrusion detection measures.

Developers dont bother about security, product managers only care of the UI. This talk is about the blame game and real world loopholes in mobile applications. Security doesnt come into play unless you are being forced to make your app secure from your competitors & not hackers.

This is a generic talk on the current state of app ecosystem.

Outline

The talk will focus on the real life security blunders our so called Android Developers incorporate into their applications. The following topics will be focused on.

How consultants to the Indian Govt. make shitty Govt. apps at 1000% profit without the ad money. How individual developers point their APIs directly to vulnerable Govt. endpoints without realising their apps will break when they shut them out. How multi-crore startups fail to address user security and become a leaky pipe full of information. How sensitive proprietary information is available at no cost for competitors to develop apps.

I will not name any specific firm, except the industry and the consequences of your actions.

Speaker bio

I am Srinivas Kodali, a polygot programmer working on transportation applications for past 2 years. I try to solve civic issues using technology. I am part of the open-access movement in India and try to make public data available for research. I am a speaker in meetups on opendata and urban tranport.

I am working with the chaloBEST project to help improve public transport. For me android is the best way of information dissemination to solve civic issues and engage communities. I see a lot of security issues with sensitive data specially in Govt. and multicrore company applications in my line of work.