Are you Repeating Mistakes made by PokemonGo Developers ?
Submitted by Abhinandan Kothari (@abhinandankothari) on Wednesday, 10 August 2016
Section: Crisp talk (15 minutes) Technical level: Beginner
It is not only Pokemon-Go developers but mostly everyone including me at Gojek made these mistakes. In this talk I will sharing my experience on how to implement 14 Layers of Security in your Android app to prevent your app from hacking/security exploits and make it harder for reverse engineering.
Intended audience: Everyone who cares about securing their android source code.
Key Takeaways: Code-snippets/Live Examples along with best practices for Do’s and Dont’s that I have used in GoJek engineering to implement these 14 layers
My Talk is outlined in two parts:
Case-Study: Problems we faced at GoBis(Go-Jek Driver App)
Step by step implementation of 14 Layers of Security covering Example and Code Snippets for each step
- Name Obfuscation
- String Encryption
- Class Obfuscation
- Code Obfuscation
- Class Encryption
- Assets Encryption
- Resource Encryption
- Removing Logging Code and Stacktraces
- Tamper Detection
- Network Layer Security
- SSL pinning
- Environmental Safeguard Checks
Abhinandan Kothari is Product Engineer at Gojek currently working on Android Ecosystem
This year he spoke at Rubyconfindia 2016, Kochi on Function Testing of Mobile Apps using Appium
last year he spoke at Deccanrubyconf 2015,Pune on Web Marries Ruby
He is also a Scholarship student at Android Nanodegree from Google and Udacity.