4. Growth of Smart Devices
• Nearly 1 Billion Smart Connected Devices Shipped in
2011 with Shipments Expected to Double by 2016,
According to IDC
Source: IDC http://www.idc.com/getdoc.jsp?containerId=prUS23398412
6. OWASP Mobile Security Project
• OWASP Mobile Security Project
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
“The OWASP Mobile Security Project is a centralized resource intended to
give developers and security teams the resources they need to build and
maintain secure mobile applications.”
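15. 7. Pay Specific Attention to the Collection and Storage of Consent for the Collection and Use of User Data
• Create a privacy policy covering the use of personal data, and make it available to the user, especially when they are deciding whether to give consent.
• Check whether the application is collecting PII.
• Make the record of consent for PII transfer available to the user.
Examples:
- Unnecessary permission requests (Android)
- PII Transfer
Case studies:
- LinkedIn, Karelog, Angry Bird, the Movie, Path, etc.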
- What They Know by WSJ
http://blogs.wsj.com/wtk-mobile/
- Unauthorized iPhone And iPad Apps Leak Private Data Less Often Than
Approved Ones
http://www.forbes.com/sites/andygreenberg/2012/02/14/unauthorized-iphone-and-ipad-apps-leak-private-data-less-often-than-approved-ones/
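Added example (not from the original slides): one way to carry out the "check whether the application is collecting PII" step on Android, by listing the PII-related permissions a decoded AndroidManifest.xml requests and comparing them with what the consent text discloses. The sample manifest, the package name, the `disclosed` set and the function names are constructed for illustration, and the permission table is a subset, not a complete list.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Android permissions that give access to PII (not exhaustive).
PII_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.READ_PHONE_STATE": "phone number / device identifiers",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.GET_ACCOUNTS": "account names",
}

# Constructed sample: a plain-text manifest (source tree or decoded APK;
# the manifest inside an APK is binary XML and must be decoded first).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:  # skip malformed entries with no android:name
                names.add(name)
    return names


def audit(manifest_xml, disclosed):
    """PII permissions requested but absent from the disclosed set."""
    requested = requested_permissions(manifest_xml)
    return {p: PII_PERMISSIONS[p] for p in sorted(requested)
            if p in PII_PERMISSIONS and p not in disclosed}


if __name__ == "__main__":
    # Assumption: the consent screen only mentions location.
    for perm, data in audit(SAMPLE_MANIFEST,
                            {"android.permission.ACCESS_FINE_LOCATION"}).items():
        print(f"undisclosed: {perm} ({data})")
```

A non-empty result means the application can reach data the user was never asked about, which is the "unnecessary permission request" case listed under Examples.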
19. References
• OWASP Mobile Security Project
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
• iOS Developer Library Secure Coding Guide
http://developer.apple.com/library/ios/#DOCUMENTATION/Security/Conceptual/SecureCodingGuide/Introduction.html
https://developer.apple.com/library/mac/documentation/security/conceptual/SecureCodingGuide/SecureCodingGuide.pdf
• iOS Security released by Apple on May 2012
http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
• iPhone data protection tools
http://code.google.com/p/iphone-dataprotection/
• class-dump-z
http://code.google.com/p/networkpx/wiki/class_dump_z
• Cycript
http://www.cycript.org/
• Hacking and Securing iOS Applications by Jonathan Zdziarski
• iOS Hacker's Handbook by Charlie Miller, Dino DaiZovi, and others
• Smart Phone Security: How (Not) To Summon The Devil
http://crypto.hyperlink.cz/files/rosa_scforum12_v1.pdf
• Seven Ways to Hang Yourself with Google Android
http://crypto.hyperlink.cz/files/rosa_scforum12_v1.pdf
• Android Developers Designing for Security
http://developer.android.com/guide/practices/security.html