droidconIN 2016

The sixth edition of droidconIN

Abhinandan Kothari


Are you Repeating Mistakes made by PokemonGo Developers ?

Submitted Aug 10, 2016

It is not only Pokemon-Go developers but mostly everyone including me at Gojek made these mistakes. In this talk I will sharing my experience on how to implement 14 Layers of Security in your Android app to prevent your app from hacking/security exploits and make it harder for reverse engineering.

Intended audience:
Everyone who cares about securing their android source code.

Key Takeaways:
Code-snippets/Live Examples along with best practices for Do’s and Dont’s that I have used in GoJek engineering to implement these 14 layers


My Talk is outlined in two parts:

Case-Study: PokemonGo

Case-Study: Problems we faced at GoBis(Go-Jek Driver App)

** Step by step implementation of 14 Layers of Security covering Example and Code Snippets for each step**

  1. Name Obfuscation
  2. String Encryption
  3. Class Obfuscation
  4. Reflection
  5. Code Obfuscation
  6. Class Encryption
  7. Assets Encryption
  8. Resource Encryption
  9. Removing Logging Code and Stacktraces
  10. Tamper Detection
  11. Network Layer Security
  12. SSL pinning
  13. GRPC
  14. Environmental Safeguard Checks

Speaker bio

Abhinandan Kothari is Product Engineer at Gojek currently working on Android Ecosystem
This year he spoke at Rubyconfindia 2016, Kochi on Function Testing of Mobile Apps using Appium
last year he spoke at Deccanrubyconf 2015,Pune on Web Marries Ruby
He is also a Scholarship student at Android Nanodegree from Google and Udacity.




{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

droidconIN is an annual conference on Android, part of the worldwide series of events. more