Android Security: Defending Your Users
CommonsWare
from the 2013 droidcon UK conference, covering SQLCipher for Android
1. droidcon UK 2013
Android Security: Defending Your Users
Copyright © 2013 CommonsWare, LLC

2. Your Users' Bad Guys
● Different Users Have Different Security Concerns
● Do Not Assume All Users Are the Same as You
  – ...unless you are your only user
● Your Users' Collective Threats = Your Threats

3. Rest and Motion Followed By More Rest, Because Motion is Tiring
● Securing Data at Rest = Local Storage
  – Databases
  – SharedPreferences
  – Other Types of Files
● Securing Data in Motion = Internet (mostly)
  – SSL
  – OTR

4. The Droid Is Not Enough
● Lock Screen?
  – Mechanical brute forcing
● Internal Storage?
  – Rooting
● Full-Disk Crypto?
  – Digital brute forcing

5. Your Objectives (One Hopes)
● Cheap and Easy Security
  – Only have so much time to budget
  – Aiming for “low hanging fruit”
● Effective Security
  – “Using CryptoLint, we performed a study on cryptographic implementations in 11,748 Android applications. Overall we find that 10,327 programs – 88% in total – use cryptography inappropriately. The raw scale of misuse indicates a widespread misunderstanding of how to properly use cryptography in Android development.”

6. You're Doing It Wrong
● Hardcoded Passphrases
● Manually Seeding SecureRandom
  – ...with a hardcoded seed
● Hardcoded Salts
● Insufficient Key Generation Iterations
● Non-Random Initialization Vectors

7. Introducing SQLCipher
● SQLCipher
  – Modified version of SQLite
  – AES-256 encryption by default, of all data
  – Relatively low overhead
  – Cross-platform
  – BSD license

8. Introducing SQLCipher
● SQLCipher Security
  – Customizable encryption algorithm
    ● Based on OpenSSL libcrypto
  – Individual pages encrypted, with own initialization vector
  – Message authentication code (MAC) per page, to detect tampering
  – Hashed passphrase (PBKDF2) for key
    ● 4,000 iterations, moving to 64,000 for 3.0

9. Introducing SQLCipher
● SQLCipher for Android
  – NDK-compiled binaries
  – Drop-in replacement classes for Android's SQLite classes
    ● SQLiteDatabase
    ● SQLiteOpenHelper
    ● Etc.
  – Modify your code, third-party libraries also using SQLite

10. Integrating SQLCipher
● Step #1: Add to Project
  – Download ZIP file from: http://sqlcipher.net/downloads/
  – Copy ZIP's assets/ into project's assets/
  – Copy ZIP's libs/ into project's libs/

11. Integrating SQLCipher
● Step #2: Replace Import Statements
  – Eclipse
    ● Delete all android.database.* and android.database.sqlite.* imports
    ● Use Ctrl-Shift-O and choose the net.sqlcipher equivalents

12. Integrating SQLCipher
● Step #2: Replace Import Statements
  – Outside of Eclipse
    ● Replace all occurrences of android.database with net.sqlcipher, revert back as needed
    ● Replace all occurrences of android.database.sqlite with net.sqlcipher.database

13. Integrating SQLCipher
● Step #3: Supply Passphrases
  – SQLiteDatabase openOrCreateDatabase(), etc.
  – SQLiteOpenHelper getReadableDatabase() and getWritableDatabase()
  – Collect passphrase from user via your own UI

14. Integrating SQLCipher
● Step #4: Testing
  – Tests should work when starting with a clean install
    ● No existing unencrypted database
● Step #5: Beer!
  – Hooray, beer!
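What steps #2 and #3 look like in code, as an added example that is not taken from the talk. `NotesHelper`, the `notes` table and its columns are hypothetical; `loadLibs()` is SQLCipher for Android's call for loading the native libraries and assets copied in step #1.

```java
import android.content.ContentValues;
import android.content.Context;
// Step #2: these replace the android.database.sqlite.* imports.
import net.sqlcipher.database.SQLiteDatabase;
import net.sqlcipher.database.SQLiteException;
import net.sqlcipher.database.SQLiteOpenHelper;

/** Hypothetical helper; database, table and column names are made up. */
public class NotesHelper extends SQLiteOpenHelper {
  private static final String DATABASE_NAME = "notes.db";
  private static final int SCHEMA_VERSION = 1;

  public NotesHelper(Context ctxt) {
    super(ctxt, DATABASE_NAME, null, SCHEMA_VERSION);
  }

  @Override
  public void onCreate(SQLiteDatabase db) {
    db.execSQL("CREATE TABLE notes ("
        + "_id INTEGER PRIMARY KEY AUTOINCREMENT, body TEXT);");
  }

  @Override
  public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
    // Nothing to migrate yet: this is the first schema version.
  }

  /**
   * Step #3: the passphrase collected by the app's own UI is handed to
   * getWritableDatabase(). Returns null when the database cannot be opened
   * with it. SQLCipher cannot tell a wrong passphrase from a file that is
   * not a database, so both cases end up here.
   */
  public static SQLiteDatabase open(Context ctxt, String passphrase) {
    SQLiteDatabase.loadLibs(ctxt);  // native code and assets from step #1
    try {
      return new NotesHelper(ctxt).getWritableDatabase(passphrase);
    } catch (SQLiteException e) {
      return null;
    }
  }

  /** Ordinary SQLite usage from here on; rows are encrypted on disk. */
  public static long addNote(SQLiteDatabase db, String body) {
    ContentValues row = new ContentValues();
    row.put("body", body);
    return db.insert("notes", null, row);
  }
}
```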

15. Integrating SQLCipher
● Other Integration Issues
  – Upgrading to encryption
  – Loaders
    ● CWAC-LoaderEx
  – ContentProvider
    ● Can work, but need to get passphrase to it before using the database (e.g., call())

16. Integrating SQLCipher
● About the Bloat
  – 4MB base
  – Additional ~5MB for x86
  – Additional ~3MB for ARM
  – Why?
    ● Complete independent copy of SQLite
    ● Static library implementation of OpenSSL
    ● Independent copy of ICU collation ruleset

17. Integrating SQLCipher
● Using For Other Sorts of Data
  – SharedPreferences
    ● CWAC-Prefs has SharedPreferencesEx, allow storage in SQLite/SQLCipher for Android
    ● Downside: no preference screen support
  – IOCipher
    ● Virtual filesystem, backed by SQLCipher for Android

18. Passphrases
● Passphrase Entry Pain
  – Users do not like typing long passwords
  – Result = weaker quality
  – Option: “diceware”
    ● Choose ~5 words from stock list
    ● Can offer scrolling lists, auto-complete to help speed data entry
    ● Downside: more annoying for accessibility

19. Passphrases
xkcd comics reproduced under CC license from Randall Munroe, even though Hat Guy owns a $5 wrench

20. Passphrases
xkcd comics reproduced under CC license from Randall Munroe, but BYO talking horse

21. Passphrases
● Multi-Factor Authentication
  – Passphrase generated in code from user-supplied pieces
  – Organization options
    ● Simple concatenation
    ● Concatenation with factor prefix, un-typeable divider characters

22. Passphrases
● Multi-Factor Authentication Objectives
  – Longer passphrase without as much user input
  – Help defeat casual attacks
    ● Need all factors to access via your UI
    ● Otherwise, need to brute-force

23. Passphrases
xkcd comics reproduced under CC license from Randall Munroe. Hat Guy is not amused.

24. Passphrases
● Multi-Factor Authentication Sources
  – NFC tag
  – QR code
  – Paired Bluetooth device
  – Wearable device app
  – Biometrics (e.g., fingerprint scanner)
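One way to build a passphrase from several factors using the second organization option (factor prefix plus an un-typeable divider), shown next to simple concatenation. This is an added example, not code from the talk; the class name, the three factor names, the `:` prefix separator and the choice of U+001F as divider are all assumptions.

```java
import java.util.HashMap;
import java.util.Map;

/** Hypothetical composer for a multi-factor database passphrase. */
public final class FactorPassphrase {
  // Assumption: U+001F (unit separator), a control character that
  // on-screen keyboards offer no key for.
  private static final char DIVIDER = '\u001F';
  // Fixed order, so the result does not depend on which piece arrived first.
  private static final String[] FACTORS = {"typed", "nfc", "qr"};

  /** Simple concatenation: short, but piece boundaries are lost. */
  public static String concat(String... pieces) {
    StringBuilder sb = new StringBuilder();
    for (String p : pieces) {
      sb.append(p);
    }
    return sb.toString();
  }

  /** Builds "typed:..<US>nfc:..<US>qr:.." and fails unless every factor is present. */
  public static char[] compose(Map<String, char[]> pieces) {
    StringBuilder sb = new StringBuilder();
    for (String name : FACTORS) {
      char[] value = pieces.get(name);
      if (value == null || value.length == 0) {
        throw new IllegalStateException("missing factor: " + name);
      }
      for (char ch : value) {
        if (ch == DIVIDER) {
          throw new IllegalArgumentException("divider inside factor: " + name);
        }
      }
      if (sb.length() > 0) {
        sb.append(DIVIDER);
      }
      sb.append(name).append(':').append(value);
    }
    char[] out = new char[sb.length()];
    sb.getChars(0, sb.length(), out, 0);
    for (int i = 0; i < sb.length(); i++) {
      sb.setCharAt(i, '\0');  // best-effort wipe of the working buffer
    }
    return out;
  }

  private static Map<String, char[]> sample(String typed, String nfc, String qr) {
    Map<String, char[]> m = new HashMap<String, char[]>();
    m.put("typed", typed.toCharArray());
    m.put("nfc", nfc.toCharArray());
    m.put("qr", qr.toCharArray());
    return m;
  }

  public static void main(String[] args) {
    // Constructed sample values standing in for a typed word, the payload
    // of an NFC tag and the text of a QR code.
    boolean collide = concat("river", "7f", "3a9c").equals(concat("river7", "f3", "a9c"));
    System.out.println("simple concatenation collides: " + collide);

    String a = new String(compose(sample("river", "7f", "3a9c")));
    String b = new String(compose(sample("river7", "f3", "a9c")));
    System.out.println("prefixed form collides: " + a.equals(b));

    try {
      Map<String, char[]> partial = sample("river", "7f", "3a9c");
      partial.remove("qr");
      compose(partial);
    } catch (IllegalStateException e) {
      System.out.println("refused: " + e.getMessage());
    }
  }
}
```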

25. Summary
● Consider Encryption
  – ...even if you don't think you need it
● SQLCipher: Easiest Option for Encrypted Database
  – ...if you can live with the APK footprint