droidconIN 2016

The sixth edition of droidconIN

Abhinandan Kothari

@abhinandankothari

Are you Repeating Mistakes made by PokemonGo Developers?

Submitted Aug 10, 2016

It is not only the Pokemon-Go developers; almost everyone, including me at Gojek, has made these mistakes. In this talk I will share my experience of how to implement 14 Layers of Security in your Android app to protect it against hacking/security exploits and make it harder to reverse engineer.

Intended audience:
Everyone who cares about securing their Android source code.

Key Takeaways:
Code snippets and live examples, along with best practices (dos and don'ts), that I have used in GoJek engineering to implement these 14 layers.

Outline

My talk is outlined in two parts:

**Story**

Case-Study: PokemonGo

Case-Study: Problems we faced at GoBis (Go-Jek Driver App)

**Step-by-step implementation of 14 Layers of Security, covering examples and code snippets for each step**

  1. Name Obfuscation
  2. String Encryption
  3. Class Obfuscation
  4. Reflection
  5. Code Obfuscation
  6. Class Encryption
  7. Assets Encryption
  8. Resource Encryption
  9. Removing Logging Code and Stacktraces
  10. Tamper Detection
  11. Network Layer Security
  12. SSL pinning
  13. GRPC
  14. Environmental Safeguard Checks

Speaker bio

Abhinandan Kothari is a Product Engineer at Gojek, currently working on the Android ecosystem.
This year he spoke at Rubyconfindia 2016, Kochi on Function Testing of Mobile Apps using Appium, and last year he spoke at Deccanrubyconf 2015, Pune on Web Marries Ruby.
He is also a scholarship student in the Android Nanodegree from Google and Udacity.

Slides

https://speakerdeck.com/abhinandan/droidconin-16

Hosted by

droidconIN is an annual conference on Android, part of the worldwide series of events.