droidconIN 2016

Android - an operating system which was initially planned for digital cameras, has become the world’s most popular mobile platform in a short period of time. Although originally designed for smartphones, it now powers tablets, TVs, and wearable devices. Android is being developed at a breathtaking pace. Each new release brings a better UI, performance improvements, and a host of new features which are typically blogged about and dissected in excruciating detail by Android enthusiasts

We use it in our daily lives for our most basic needs - from shopping and booking movie tickets to huge bank transactions. There’s a lot of development going on Android platform as well as the apps. The concentration is on making the app more user-friendly by giving it a very good UI, but not every app developer / company checks the security of the apps. When the app has huge functionalities it is difficult for one to find the bugs. Cybercriminals make use of this carelessness to make money for themselves. Creating malware and trojans to steal banking and other credentials are a few popular ways to make money. If a severe vulnerability is found, a successful exploit could be made to misuse the app. So here comes the role of Android Security.

There are various OS and platforms (both open source and proprietary) for Android app testing. Android Tamer is one such virtual platform (VM) based on Debian 8. It is completely open source and also open to users suggestions. Complete information on AndroidTamer is at https://androidtamer.com/ and any issues (or suggestions) could be reported at https://github.com/AndroidTamer/Tools_Repository/issues

FAQ :

What is the presentation all about ?
This talk will be focused on the security aspect of Android apps development. There are lot of developers who focus on the UI of apps but very few consider the security as an important aspect. The seriousness of security is not understood by everyone. This talk will atleast make you aware of the importance of Android security.

What can one learn from this ?

• Introduction to android security
• Introduction to bug hunting (& bug bounties, if lucky)
• Automated testing of apps
• Introduction to Reverse Engineering & Malware Analysis

Are there any prerequisites for the talk ?
This talk will be made as simple as possible. It is better if you know the basics of Android (both OS and app functioning).

Are proprietary softwares taking part in the talk ?
Android Tamer is completely open source and the tools present in it are almost open source. There is no proprietary software involved in this talk.

I am impressed by AndroidTamer, can I get it now ?
You could download AndroidTamer at its website https://androidtamer.com/. The latest version AndroidTamer 4 is 5.1 GB .ova file. If you cannot download such a huge file, and you already have a Debian 8 virtual (or base) machine, you could follow the steps given at https://tools.androidtamer.com/General/repo_configure/

Outline

• Introduction to Android Security
• Android Internals
• Recent Attacks on Android
• Effective way of Android app development
• Introduction to Android Tamer
• Open Source Tools for making Android secure
• Automated tools
• Demos
• Conclusion

Requirements

You could try downloading Android Tamer 4 from the website, or just meet me to get a copy of it :D

Speaker bio

Security Enthusiast interested in Android, WebApps and all electronic device security. Founder of “Hack with Github” (@HackwithGithub) https://github.com/Hack-with-Github - an initiative to spread the awareness of Open source hacking tools to everyone.

Links

• Speaker
• • Twitter: @bnchandrapal
• • Website: https://chandrapal.me
• AndroidTamer
• • Twitter: @AndroidTamer
• • Website: https://androidtamer.com/
• Previous Presentation: http://www.slideshare.net/anantshri/android-tamer-virtual-machine-for-android-security-professionals