SlideShare a Scribd company logo

Android Security: Defending Your Users

C
CommonsWare

from the 2013 droidcon UK conference, covering SQLCipher for Android

TechnologyEducation
1 of 25
Download to read offline
droidcon UK 2013 Android Security: Defending Your Users Copyright © 2013 CommonsWare, LLC
Your Users' Bad Guys ● ● Different Users Have Different Security Concerns Do Not Assume All Users Are the Same as You – ● ...unless you are your only user Your Users' Collective Threats = Your Threats Copyright © 2013 CommonsWare, LLC
Rest and Motion Followed By More Rest, Because Motion is Tiring ● Securing Data at Rest = Local Storage – – SharedPreferences – ● Databases Other Types of Files Securing Data in Motion = Internet (mostly) – SSL – OTR Copyright © 2013 CommonsWare, LLC
The Droid Is Not Enough ● Lock Screen? – ● Internal Storage? – ● Mechanical brute forcing Rooting Full-Disk Crypto? – Digital brute forcing Copyright © 2013 CommonsWare, LLC
Your Objectives (One Hopes) ● Cheap and Easy Security – – ● Only have so much time to budget Aiming for “low hanging fruit” Effective Security – “Using CryptoLint, we performed a study on cryptographic implementations in 11,748 Android applications. Overall we find that 10,327 programs – 88% in total – use cryptography inappropriately. The raw scale of misuse indicates a widespread misunderstanding of how to properly use cryptography in Android development.” Copyright © 2013 CommonsWare, LLC
You're Doing It Wrong ● Hardcoded Passphrases ● Manually Seeding SecureRandom – ...with a hardcoded seed ● Hardcoded Salts ● Insufficient Key Generation Iterations ● Non-Random Initialization Vectors Copyright © 2013 CommonsWare, LLC
Introducing SQLCipher ● SQLCipher – Modified version of SQLite – AES-256 encryption by default, of all data – Relatively low overhead – Cross-platform – BSD license Copyright © 2013 CommonsWare, LLC
Introducing SQLCipher ● SQLCipher Security – Customizable encryption algorithm ● Based on OpenSSL libcrypto – Individual pages encrypted, with own initialization vector – Message authentication code (MAC) per page, to detect tampering – Hashed passphrase (PBKDF2) for key ● 4,000 iterations, moving to 64,000 for 3.0 Copyright © 2013 CommonsWare, LLC
Introducing SQLCipher ● SQLCipher for Android – NDK-compiled binaries – Drop-in replacement classes for Android's SQLite classes ● ● SQLiteOpenHelper ● – SQLiteDatabase Etc. Modify your code, third-party libraries also using SQLite Copyright © 2013 CommonsWare, LLC
Integrating SQLCipher ● Step #1: Add to Project – Download ZIP file from: http://sqlcipher.net/downloads/ – Copy ZIP's assets/ into project's assets/ – Copy ZIP's libs/ into project's libs/ Copyright © 2013 CommonsWare, LLC
Integrating SQLCipher ● Step #2: Replace Import Statements – Eclipse ● ● Delete all android.database.* and android.database.sqlite.* imports Use Ctrl-Shift-O and choose the net.sqlcipher equivalents Copyright © 2013 CommonsWare, LLC
Integrating SQLCipher ● Step #2: Replace Import Statements – Outside of Eclipse ● ● Replace all occurrences of android.database with net.sqlcipher, revert back as needed Replace all occurrences of android.database.sqlite with net.sqlcipher.database Copyright © 2013 CommonsWare, LLC
Integrating SQLCipher ● Step #3: Supply Passphrases – SQLiteDatabase openOrCreateDatabase(), etc. – SQLiteOpenHelper getReadableDatabase() and getWritableDatabase() – Collect passphrase from user via your own UI Copyright © 2013 CommonsWare, LLC
Integrating SQLCipher ● Step #4: Testing – Tests should work when starting with a clean install ● ● No existing unencrypted database Step #5: Beer! – Hooray, beer! Copyright © 2013 CommonsWare, LLC
Integrating SQLCipher ● Other Integration Issues – Upgrading to encryption – Loaders ● – CWAC-LoaderEx ContentProvider ● Can work, but need to get passphrase to it before using the database (e.g., call()) Copyright © 2013 CommonsWare, LLC
Integrating SQLCipher ● About the Bloat – 4MB base – Additional ~5MB for x86 – Additional ~3MB for ARM – Why? ● Complete independent copy of SQLite ● Static library implementation of OpenSSL ● Independent copy of ICU collation ruleset Copyright © 2013 CommonsWare, LLC
Integrating SQLCipher ● Using For Other Sorts of Data – SharedPreferences ● ● – CWAC-Prefs has SharedPreferencesEx, allow storage in SQLite/SQLCipher for Android Downside: no preference screen support IOCipher ● Virtual filesystem, backed by SQLCipher for Android Copyright © 2013 CommonsWare, LLC
Passphrases ● Passphrase Entry Pain – Users do not like typing long passwords – Result = weaker quality – Option: “diceware” ● ● ● Choose ~5 words from stock list Can offer scrolling lists, auto-complete to help speed data entry Downside: more annoying for accessibility Copyright © 2013 CommonsWare, LLC
Passphrases xkcd comics reproduced under CC license from Randall Munroe, even though Hat Guy owns a $5 wrench Copyright © 2013 CommonsWare, LLC
Passphrases xkcd comics reproduced under CC license from Randall Munroe, but BYO talking horse Copyright © 2013 CommonsWare, LLC
Passphrases ● Multi-Factor Authentication – Passphrase generated in code from user-supplied pieces – Organization options ● ● Simple concatenation Concatenation with factor prefix, un-typeable divider characters Copyright © 2013 CommonsWare, LLC
Passphrases ● Multi-Factor Authentication Objectives – Longer passphrase without as much user input – Help defeat casual attacks ● Need all factors to access via your UI ● Otherwise, need to brute-force Copyright © 2013 CommonsWare, LLC
Passphrases xkcd comics reproduced under CC license from Randall Munroe. Hat Guy is not amused. Copyright © 2013 CommonsWare, LLC
Passphrases ● Multi-Factor Authentication Sources – NFC tag – QR code – Paired Bluetooth device – Wearable device app – Biometrics (e.g., fingerprint scanner) Copyright © 2013 CommonsWare, LLC
Summary ● Consider Encryption – ● ...even if you don't think you need it SQLCipher: Easiest Option for Encrypted Database – ...if you can live with the APK footprint Copyright © 2013 CommonsWare, LLC

Recommended

Rich Text Editing and Beyond
Rich Text Editing and BeyondRich Text Editing and Beyond
Rich Text Editing and BeyondCommonsWare
 
Gradle and Your Android Wearable Projects
Gradle and Your Android Wearable ProjectsGradle and Your Android Wearable Projects
Gradle and Your Android Wearable ProjectsCommonsWare
 
Getting Android Developers for Your Wearables
Getting Android Developers for Your WearablesGetting Android Developers for Your Wearables
Getting Android Developers for Your WearablesCommonsWare
 
When Microwatts Are Precious: Battery Tips for Wearable Apps
When Microwatts Are Precious: Battery Tips for Wearable AppsWhen Microwatts Are Precious: Battery Tips for Wearable Apps
When Microwatts Are Precious: Battery Tips for Wearable AppsCommonsWare
 
ExoPlayer for Application developers
ExoPlayer for Application developersExoPlayer for Application developers
ExoPlayer for Application developersHassan Abid
 
Android's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALAndroid's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALOpersys inc.
 
Targeting Android with Qt
Targeting Android with QtTargeting Android with Qt
Targeting Android with QtEspen Riskedal
 
Embedded Android Workshop with Oreo
Embedded Android Workshop with OreoEmbedded Android Workshop with Oreo
Embedded Android Workshop with OreoOpersys inc.
 

Recommended

Rich Text Editing and Beyond
Rich Text Editing and BeyondRich Text Editing and Beyond
Rich Text Editing and BeyondCommonsWare
 
Gradle and Your Android Wearable Projects
Gradle and Your Android Wearable ProjectsGradle and Your Android Wearable Projects
Gradle and Your Android Wearable ProjectsCommonsWare
 
Getting Android Developers for Your Wearables
Getting Android Developers for Your WearablesGetting Android Developers for Your Wearables
Getting Android Developers for Your WearablesCommonsWare
 
When Microwatts Are Precious: Battery Tips for Wearable Apps
When Microwatts Are Precious: Battery Tips for Wearable AppsWhen Microwatts Are Precious: Battery Tips for Wearable Apps
When Microwatts Are Precious: Battery Tips for Wearable AppsCommonsWare
 
ExoPlayer for Application developers
ExoPlayer for Application developersExoPlayer for Application developers
ExoPlayer for Application developersHassan Abid
 
Android's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALAndroid's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALOpersys inc.
 
Targeting Android with Qt
Targeting Android with QtTargeting Android with Qt
Targeting Android with QtEspen Riskedal
 
Embedded Android Workshop with Oreo
Embedded Android Workshop with OreoEmbedded Android Workshop with Oreo
Embedded Android Workshop with OreoOpersys inc.
 
Effective Spring on Kubernetes
Effective Spring on KubernetesEffective Spring on Kubernetes
Effective Spring on KubernetesNeven Cvetković
 
Embedded Android Workshop with Pie
Embedded Android Workshop with PieEmbedded Android Workshop with Pie
Embedded Android Workshop with PieOpersys inc.
 
App integration: Strategies and Tactics
App integration: Strategies and TacticsApp integration: Strategies and Tactics
App integration: Strategies and TacticsCommonsWare
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowOpersys inc.
 
The unconventional devices for the video streaming in Android
The unconventional devices for the video streaming in AndroidThe unconventional devices for the video streaming in Android
The unconventional devices for the video streaming in AndroidAlessandro Martellucci
 
Brillo / Weave Internals
Brillo / Weave InternalsBrillo / Weave Internals
Brillo / Weave InternalsOpersys inc.
 
Brillo/Weave Internals
Brillo/Weave InternalsBrillo/Weave Internals
Brillo/Weave InternalsOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things InternalsOpersys inc.
 
Project Ara
Project AraProject Ara
Project AraOpersys inc.
 
Aosp+
Aosp+Aosp+
Aosp+jpuderer
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowOpersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with NougatOpersys inc.
 
Developing Cross platform apps in flutter (Android, iOS, Web)
Developing Cross platform apps in flutter (Android, iOS, Web)Developing Cross platform apps in flutter (Android, iOS, Web)
Developing Cross platform apps in flutter (Android, iOS, Web)Priyanka Tyagi
 
Developing Android Platform Tools
Developing Android Platform ToolsDeveloping Android Platform Tools
Developing Android Platform ToolsOpersys inc.
 
Embedded Android Workshop with Lollipop
Embedded Android Workshop with LollipopEmbedded Android Workshop with Lollipop
Embedded Android Workshop with LollipopOpersys inc.
 
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...DevClub_lv
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Opersys inc.
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with NougatOpersys inc.
 
Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Android security by ravi-rai
Android security by ravi-raiAndroid security by ravi-rai
Android security by ravi-raiRavi Rai
 

More Related Content

What's hot

Effective Spring on Kubernetes
Effective Spring on KubernetesEffective Spring on Kubernetes
Effective Spring on KubernetesNeven Cvetković
 
Embedded Android Workshop with Pie
Embedded Android Workshop with PieEmbedded Android Workshop with Pie
Embedded Android Workshop with PieOpersys inc.
 
App integration: Strategies and Tactics
App integration: Strategies and TacticsApp integration: Strategies and Tactics
App integration: Strategies and TacticsCommonsWare
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowOpersys inc.
 
The unconventional devices for the video streaming in Android
The unconventional devices for the video streaming in AndroidThe unconventional devices for the video streaming in Android
The unconventional devices for the video streaming in AndroidAlessandro Martellucci
 
Brillo / Weave Internals
Brillo / Weave InternalsBrillo / Weave Internals
Brillo / Weave InternalsOpersys inc.
 
Brillo/Weave Internals
Brillo/Weave InternalsBrillo/Weave Internals
Brillo/Weave InternalsOpersys inc.
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and DevelopmentOpersys inc.
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things InternalsOpersys inc.
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowOpersys inc.
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android WorkshopOpersys inc.
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with NougatOpersys inc.
 
Developing Cross platform apps in flutter (Android, iOS, Web)
Developing Cross platform apps in flutter (Android, iOS, Web)Developing Cross platform apps in flutter (Android, iOS, Web)
Developing Cross platform apps in flutter (Android, iOS, Web)Priyanka Tyagi
 
Developing Android Platform Tools
Developing Android Platform ToolsDeveloping Android Platform Tools
Developing Android Platform ToolsOpersys inc.
 
Embedded Android Workshop with Lollipop
Embedded Android Workshop with LollipopEmbedded Android Workshop with Lollipop
Embedded Android Workshop with LollipopOpersys inc.
 
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...DevClub_lv
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Opersys inc.
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with NougatOpersys inc.
 

What's hot (20)

Effective Spring on Kubernetes
Effective Spring on KubernetesEffective Spring on Kubernetes
Effective Spring on Kubernetes
 
Embedded Android Workshop with Pie
Embedded Android Workshop with PieEmbedded Android Workshop with Pie
Embedded Android Workshop with Pie
 
App integration: Strategies and Tactics
App integration: Strategies and TacticsApp integration: Strategies and Tactics
App integration: Strategies and Tactics
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with Marshmallow
 
The unconventional devices for the video streaming in Android
The unconventional devices for the video streaming in AndroidThe unconventional devices for the video streaming in Android
The unconventional devices for the video streaming in Android
 
Brillo / Weave Internals
Brillo / Weave InternalsBrillo / Weave Internals
Brillo / Weave Internals
 
Brillo/Weave Internals
Brillo/Weave InternalsBrillo/Weave Internals
Brillo/Weave Internals
 
Android Platform Debugging and Development
Android Platform Debugging and DevelopmentAndroid Platform Debugging and Development
Android Platform Debugging and Development
 
Android Things Internals
Android Things InternalsAndroid Things Internals
Android Things Internals
 
Project Ara
Project AraProject Ara
Project Ara
 
Aosp+
Aosp+Aosp+
Aosp+
 
Embedded Android Workshop with Marshmallow
Embedded Android Workshop with MarshmallowEmbedded Android Workshop with Marshmallow
Embedded Android Workshop with Marshmallow
 
Embedded Android Workshop
Embedded Android WorkshopEmbedded Android Workshop
Embedded Android Workshop
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with Nougat
 
Developing Cross platform apps in flutter (Android, iOS, Web)
Developing Cross platform apps in flutter (Android, iOS, Web)Developing Cross platform apps in flutter (Android, iOS, Web)
Developing Cross platform apps in flutter (Android, iOS, Web)
 
Developing Android Platform Tools
Developing Android Platform ToolsDeveloping Android Platform Tools
Developing Android Platform Tools
 
Embedded Android Workshop with Lollipop
Embedded Android Workshop with LollipopEmbedded Android Workshop with Lollipop
Embedded Android Workshop with Lollipop
 
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...
Cross Platform Mobile Development using Flutter by Wei Meng Lee at Mobile foc...
 
Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?Android Treble: Blessing or Trouble?
Android Treble: Blessing or Trouble?
 
Embedded Android Workshop with Nougat
Embedded Android Workshop with NougatEmbedded Android Workshop with Nougat
Embedded Android Workshop with Nougat
 

Viewers also liked

Android Security
Android SecurityAndroid Security
Android SecurityLars Jacobs
 
Android security by ravi-rai
Android security by ravi-raiAndroid security by ravi-rai
Android security by ravi-raiRavi Rai
 
History of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly beanHistory of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly beanJung Pil (J.P.) Choi
 
Google Android Security 2014 Report
Google Android Security 2014 ReportGoogle Android Security 2014 Report
Google Android Security 2014 ReportRonen Mendezitsky
 
Android OS and its Features
Android OS and its FeaturesAndroid OS and its Features
Android OS and its FeaturesHarshad Lokhande
 
SydMobNet March 2016: Matthew Robbins - Android M Security Policies
SydMobNet March 2016: Matthew Robbins - Android M Security PoliciesSydMobNet March 2016: Matthew Robbins - Android M Security Policies
SydMobNet March 2016: Matthew Robbins - Android M Security PoliciesAlec Tucker
 
The 25 hour of day | Mawa3ed
The 25 hour of day | Mawa3edThe 25 hour of day | Mawa3ed
The 25 hour of day | Mawa3edAhmed Faris
 
Android Internals (This is not the droid you’re loking for...)
Android Internals (This is not the droid you’re loking for...)Android Internals (This is not the droid you’re loking for...)
Android Internals (This is not the droid you’re loking for...)Giacomo Bergami
 
Android application for gps
Android application for gpsAndroid application for gps
Android application for gpsSutej Chakka
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationSECON
 
SecureDroid: An Android Security Framework Extension for Context-Aware policy...
SecureDroid: An Android Security Framework Extension for Context-Aware policy...SecureDroid: An Android Security Framework Extension for Context-Aware policy...
SecureDroid: An Android Security Framework Extension for Context-Aware policy...Giuseppe La Torre
 
Android security
Android securityAndroid security
Android securityMobile Rtpl
 
Android Project report on City Tourist Location based services (Shuja ul hassan)
Android Project report on City Tourist Location based services (Shuja ul hassan)Android Project report on City Tourist Location based services (Shuja ul hassan)
Android Project report on City Tourist Location based services (Shuja ul hassan)Shuja Hassan
 
600.250 UI Cross Platform Development and the Android Security Model
600.250 UI Cross Platform Development and the Android Security Model600.250 UI Cross Platform Development and the Android Security Model
600.250 UI Cross Platform Development and the Android Security ModelMichael Rushanan
 
Android audio system(audioplicy_service)
Android audio system(audioplicy_service)Android audio system(audioplicy_service)
Android audio system(audioplicy_service)fefe7270
 
Security threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsSecurity threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsHariharan Ganesan
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthinkspa
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development Cheng-Yi Yu
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionTandhy Simanjuntak
 

Viewers also liked (20)

Android Security
Android SecurityAndroid Security
Android Security
 
Android security by ravi-rai
Android security by ravi-raiAndroid security by ravi-rai
Android security by ravi-rai
 
History of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly beanHistory of Android Security – from linux to jelly bean
History of Android Security – from linux to jelly bean
 
Google Android Security 2014 Report
Google Android Security 2014 ReportGoogle Android Security 2014 Report
Google Android Security 2014 Report
 
Android OS and its Features
Android OS and its FeaturesAndroid OS and its Features
Android OS and its Features
 
SydMobNet March 2016: Matthew Robbins - Android M Security Policies
SydMobNet March 2016: Matthew Robbins - Android M Security PoliciesSydMobNet March 2016: Matthew Robbins - Android M Security Policies
SydMobNet March 2016: Matthew Robbins - Android M Security Policies
 
The 25 hour of day | Mawa3ed
The 25 hour of day | Mawa3edThe 25 hour of day | Mawa3ed
The 25 hour of day | Mawa3ed
 
Android Internals (This is not the droid you’re loking for...)
Android Internals (This is not the droid you’re loking for...)Android Internals (This is not the droid you’re loking for...)
Android Internals (This is not the droid you’re loking for...)
 
Android application for gps
Android application for gpsAndroid application for gps
Android application for gps
 
Смирнов Александр, Security in Android Application
Смирнов Александр, Security in Android ApplicationСмирнов Александр, Security in Android Application
Смирнов Александр, Security in Android Application
 
SecureDroid: An Android Security Framework Extension for Context-Aware policy...
SecureDroid: An Android Security Framework Extension for Context-Aware policy...SecureDroid: An Android Security Framework Extension for Context-Aware policy...
SecureDroid: An Android Security Framework Extension for Context-Aware policy...
 
Android security
Android securityAndroid security
Android security
 
Android Project report on City Tourist Location based services (Shuja ul hassan)
Android Project report on City Tourist Location based services (Shuja ul hassan)Android Project report on City Tourist Location based services (Shuja ul hassan)
Android Project report on City Tourist Location based services (Shuja ul hassan)
 
600.250 UI Cross Platform Development and the Android Security Model
600.250 UI Cross Platform Development and the Android Security Model600.250 UI Cross Platform Development and the Android Security Model
600.250 UI Cross Platform Development and the Android Security Model
 
Android audio system(audioplicy_service)
Android audio system(audioplicy_service)Android audio system(audioplicy_service)
Android audio system(audioplicy_service)
 
Security threats in Android OS + App Permissions
Security threats in Android OS + App PermissionsSecurity threats in Android OS + App Permissions
Security threats in Android OS + App Permissions
 
Sperasoft talks: Android Security Threats
Sperasoft talks: Android Security ThreatsSperasoft talks: Android Security Threats
Sperasoft talks: Android Security Threats
 
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
Consulthink @ GDG Meets U - L'Aquila2014 - Codelab: Android Security -Il ke...
 
2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development 2015.04.24 Updated > Android Security Development - Part 1: App Development
2015.04.24 Updated > Android Security Development - Part 1: App Development
 
Permission in Android Security: Threats and solution
Permission in Android Security: Threats and solutionPermission in Android Security: Threats and solution
Permission in Android Security: Threats and solution
 

Similar to Android Security: Defending Your Users

Securing User Data with SQLCipher
Securing User Data with SQLCipherSecuring User Data with SQLCipher
Securing User Data with SQLCipherCommonsWare
 
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)Ron Munitz
 
The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)Ron Munitz
 
App Integration (Revised and Updated)
App Integration (Revised and Updated)App Integration (Revised and Updated)
App Integration (Revised and Updated)CommonsWare
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Codemotion
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel HackingDeveler S.r.l.
 
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)Ron Munitz
 
[Gstar 2013] Unity Security
[Gstar 2013] Unity Security[Gstar 2013] Unity Security
[Gstar 2013] Unity SecuritySeungmin Shin
 
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Ron Munitz
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Ron Munitz
 
Androidoverview 100405150711-phpapp01
Androidoverview 100405150711-phpapp01Androidoverview 100405150711-phpapp01
Androidoverview 100405150711-phpapp01Santosh Sh
 
Game Analytics at London Apache Druid Meetup
Game Analytics at London Apache Druid MeetupGame Analytics at London Apache Druid Meetup
Game Analytics at London Apache Druid MeetupJelena Zanko
 
Looking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyLooking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyVlad Savitsky
 
Android Development: The 20,000-Foot View
Android Development: The 20,000-Foot ViewAndroid Development: The 20,000-Foot View
Android Development: The 20,000-Foot ViewCommonsWare
 
Developer's Guide to JavaScript and Web Cryptography
Developer's Guide to JavaScript and Web CryptographyDeveloper's Guide to JavaScript and Web Cryptography
Developer's Guide to JavaScript and Web CryptographyKevin Hakanson
 
What's New in Jelly Bean
What's New in Jelly BeanWhat's New in Jelly Bean
What's New in Jelly BeanCommonsWare
 
Building a Modern Enterprise SOA at LinkedIn
Building a Modern Enterprise SOA at LinkedInBuilding a Modern Enterprise SOA at LinkedIn
Building a Modern Enterprise SOA at LinkedInJens Pillgram-Larsen
 

Similar to Android Security: Defending Your Users (20)

Securing User Data with SQLCipher
Securing User Data with SQLCipherSecuring User Data with SQLCipher
Securing User Data with SQLCipher
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
 
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)The Ultimate Android Security Checklist (AnDevCon Boston 2014)
The Ultimate Android Security Checklist (AnDevCon Boston 2014)
 
The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)The Ultimate Android Security Checklist (Mdevcon 2014)
The Ultimate Android Security Checklist (Mdevcon 2014)
 
X Means Y
X Means YX Means Y
X Means Y
 
App Integration (Revised and Updated)
App Integration (Revised and Updated)App Integration (Revised and Updated)
App Integration (Revised and Updated)
 
Help Doctor, my application is an onion!
Help Doctor, my application is an onion!Help Doctor, my application is an onion!
Help Doctor, my application is an onion!
 
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015
 
Workshop su Android Kernel Hacking
Workshop su Android Kernel HackingWorkshop su Android Kernel Hacking
Workshop su Android Kernel Hacking
 
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
The Ultimate Android Security Checklist (Codemotion Tel-Aviv, 2014)
 
[Gstar 2013] Unity Security
[Gstar 2013] Unity Security[Gstar 2013] Unity Security
[Gstar 2013] Unity Security
 
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
Building android for the Cloud: Android as a Server (AnDevConBoston 2014)
 
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
Building Android for the Cloud: Android as a Server (Mobile World Congress 2014)
 
Androidoverview 100405150711-phpapp01
Androidoverview 100405150711-phpapp01Androidoverview 100405150711-phpapp01
Androidoverview 100405150711-phpapp01
 
Game Analytics at London Apache Druid Meetup
Game Analytics at London Apache Druid MeetupGame Analytics at London Apache Druid Meetup
Game Analytics at London Apache Druid Meetup
 
Looking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad SavitskyLooking for Vulnerable Code. Vlad Savitsky
Looking for Vulnerable Code. Vlad Savitsky
 
Android Development: The 20,000-Foot View
Android Development: The 20,000-Foot ViewAndroid Development: The 20,000-Foot View
Android Development: The 20,000-Foot View
 
Developer's Guide to JavaScript and Web Cryptography
Developer's Guide to JavaScript and Web CryptographyDeveloper's Guide to JavaScript and Web Cryptography
Developer's Guide to JavaScript and Web Cryptography
 
What's New in Jelly Bean
What's New in Jelly BeanWhat's New in Jelly Bean
What's New in Jelly Bean
 
Building a Modern Enterprise SOA at LinkedIn
Building a Modern Enterprise SOA at LinkedInBuilding a Modern Enterprise SOA at LinkedIn
Building a Modern Enterprise SOA at LinkedIn
 

More from CommonsWare

The Action Bar: Front to Back
The Action Bar: Front to BackThe Action Bar: Front to Back
The Action Bar: Front to BackCommonsWare
 
Secondary Screen Support Using DisplayManager
Secondary Screen Support Using DisplayManagerSecondary Screen Support Using DisplayManager
Secondary Screen Support Using DisplayManagerCommonsWare
 
Mastering the Master Detail Pattern
Mastering the Master Detail PatternMastering the Master Detail Pattern
Mastering the Master Detail PatternCommonsWare
 
Not Quite As Painful Threading
Not Quite As Painful ThreadingNot Quite As Painful Threading
Not Quite As Painful ThreadingCommonsWare
 
Maps V2... And You!
Maps V2... And You!Maps V2... And You!
Maps V2... And You!CommonsWare
 
A Deep Dive Into ViewPager
A Deep Dive Into ViewPagerA Deep Dive Into ViewPager
A Deep Dive Into ViewPagerCommonsWare
 
Second-Screen Support in Android 4.2
Second-Screen Support in Android 4.2Second-Screen Support in Android 4.2
Second-Screen Support in Android 4.2CommonsWare
 
Integrate Android Apps and Web Apps
Integrate Android Apps and Web AppsIntegrate Android Apps and Web Apps
Integrate Android Apps and Web AppsCommonsWare
 
From Android to the Mobile Web
From Android to the Mobile WebFrom Android to the Mobile Web
From Android to the Mobile WebCommonsWare
 
The Wonderful World of Wearables
The Wonderful World of WearablesThe Wonderful World of Wearables
The Wonderful World of WearablesCommonsWare
 
Beaming Data to Devices with NFC
Beaming Data to Devices with NFCBeaming Data to Devices with NFC
Beaming Data to Devices with NFCCommonsWare
 
Making Money at Mobile: 60 Business Models
Making Money at Mobile: 60 Business ModelsMaking Money at Mobile: 60 Business Models
Making Money at Mobile: 60 Business ModelsCommonsWare
 
AppsWorld Keynote
AppsWorld KeynoteAppsWorld Keynote
AppsWorld KeynoteCommonsWare
 
Backwards Compatibility: Strategies and Tactics
Backwards Compatibility: Strategies and TacticsBackwards Compatibility: Strategies and Tactics
Backwards Compatibility: Strategies and TacticsCommonsWare
 
Android Hardware That's A Little Bit... Odd
Android Hardware That's A Little Bit... OddAndroid Hardware That's A Little Bit... Odd
Android Hardware That's A Little Bit... OddCommonsWare
 
Google TV For Fun
Google TV For FunGoogle TV For Fun
Google TV For FunCommonsWare
 
If I Were Starting Now
If I Were Starting NowIf I Were Starting Now
If I Were Starting NowCommonsWare
 
Tuning Android Applications (Part Deux)
Tuning Android Applications (Part Deux)Tuning Android Applications (Part Deux)
Tuning Android Applications (Part Deux)CommonsWare
 
Tuning Android Applications (Part One)
Tuning Android Applications (Part One)Tuning Android Applications (Part One)
Tuning Android Applications (Part One)CommonsWare
 
Android Library Projects
Android Library ProjectsAndroid Library Projects
Android Library ProjectsCommonsWare
 

More from CommonsWare (20)

The Action Bar: Front to Back
The Action Bar: Front to BackThe Action Bar: Front to Back
The Action Bar: Front to Back
 
Secondary Screen Support Using DisplayManager
Secondary Screen Support Using DisplayManagerSecondary Screen Support Using DisplayManager
Secondary Screen Support Using DisplayManager
 
Mastering the Master Detail Pattern
Mastering the Master Detail PatternMastering the Master Detail Pattern
Mastering the Master Detail Pattern
 
Not Quite As Painful Threading
Not Quite As Painful ThreadingNot Quite As Painful Threading
Not Quite As Painful Threading
 
Maps V2... And You!
Maps V2... And You!Maps V2... And You!
Maps V2... And You!
 
A Deep Dive Into ViewPager
A Deep Dive Into ViewPagerA Deep Dive Into ViewPager
A Deep Dive Into ViewPager
 
Second-Screen Support in Android 4.2
Second-Screen Support in Android 4.2Second-Screen Support in Android 4.2
Second-Screen Support in Android 4.2
 
Integrate Android Apps and Web Apps
Integrate Android Apps and Web AppsIntegrate Android Apps and Web Apps
Integrate Android Apps and Web Apps
 
From Android to the Mobile Web
From Android to the Mobile WebFrom Android to the Mobile Web
From Android to the Mobile Web
 
The Wonderful World of Wearables
The Wonderful World of WearablesThe Wonderful World of Wearables
The Wonderful World of Wearables
 
Beaming Data to Devices with NFC
Beaming Data to Devices with NFCBeaming Data to Devices with NFC
Beaming Data to Devices with NFC
 
Making Money at Mobile: 60 Business Models
Making Money at Mobile: 60 Business ModelsMaking Money at Mobile: 60 Business Models
Making Money at Mobile: 60 Business Models
 
AppsWorld Keynote
AppsWorld KeynoteAppsWorld Keynote
AppsWorld Keynote
 
Backwards Compatibility: Strategies and Tactics
Backwards Compatibility: Strategies and TacticsBackwards Compatibility: Strategies and Tactics
Backwards Compatibility: Strategies and Tactics
 
Android Hardware That's A Little Bit... Odd
Android Hardware That's A Little Bit... OddAndroid Hardware That's A Little Bit... Odd
Android Hardware That's A Little Bit... Odd
 
Google TV For Fun
Google TV For FunGoogle TV For Fun
Google TV For Fun
 
If I Were Starting Now
If I Were Starting NowIf I Were Starting Now
If I Were Starting Now
 
Tuning Android Applications (Part Deux)
Tuning Android Applications (Part Deux)Tuning Android Applications (Part Deux)
Tuning Android Applications (Part Deux)
 
Tuning Android Applications (Part One)
Tuning Android Applications (Part One)Tuning Android Applications (Part One)
Tuning Android Applications (Part One)
 
Android Library Projects
Android Library ProjectsAndroid Library Projects
Android Library Projects
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Android Security: Defending Your Users

  • 1. droidcon UK 2013 Android Security: Defending Your Users Copyright © 2013 CommonsWare, LLC
  • 2. Your Users' Bad Guys ● ● Different Users Have Different Security Concerns Do Not Assume All Users Are the Same as You – ● ...unless you are your only user Your Users' Collective Threats = Your Threats Copyright © 2013 CommonsWare, LLC
  • 3. Rest and Motion Followed By More Rest, Because Motion is Tiring ● Securing Data at Rest = Local Storage – – SharedPreferences – ● Databases Other Types of Files Securing Data in Motion = Internet (mostly) – SSL – OTR Copyright © 2013 CommonsWare, LLC
  • 4. The Droid Is Not Enough ● Lock Screen? – ● Internal Storage? – ● Mechanical brute forcing Rooting Full-Disk Crypto? – Digital brute forcing Copyright © 2013 CommonsWare, LLC
  • 5. Your Objectives (One Hopes) ● Cheap and Easy Security – – ● Only have so much time to budget Aiming for “low hanging fruit” Effective Security – “Using CryptoLint, we performed a study on cryptographic implementations in 11,748 Android applications. Overall we find that 10,327 programs – 88% in total – use cryptography inappropriately. The raw scale of misuse indicates a widespread misunderstanding of how to properly use cryptography in Android development.” Copyright © 2013 CommonsWare, LLC
  • 6. You're Doing It Wrong ● Hardcoded Passphrases ● Manually Seeding SecureRandom – ...with a hardcoded seed ● Hardcoded Salts ● Insufficient Key Generation Iterations ● Non-Random Initialization Vectors Copyright © 2013 CommonsWare, LLC
  • 7. Introducing SQLCipher ● SQLCipher – Modified version of SQLite – AES-256 encryption by default, of all data – Relatively low overhead – Cross-platform – BSD license Copyright © 2013 CommonsWare, LLC
  • 8. Introducing SQLCipher ● SQLCipher Security – Customizable encryption algorithm ● Based on OpenSSL libcrypto – Individual pages encrypted, with own initialization vector – Message authentication code (MAC) per page, to detect tampering – Hashed passphrase (PBKDF2) for key ● 4,000 iterations, moving to 64,000 for 3.0 Copyright © 2013 CommonsWare, LLC
  • 9. Introducing SQLCipher ● SQLCipher for Android – NDK-compiled binaries – Drop-in replacement classes for Android's SQLite classes ● ● SQLiteOpenHelper ● – SQLiteDatabase Etc. Modify your code, third-party libraries also using SQLite Copyright © 2013 CommonsWare, LLC
  • 10. Integrating SQLCipher ● Step #1: Add to Project – Download ZIP file from: http://sqlcipher.net/downloads/ – Copy ZIP's assets/ into project's assets/ – Copy ZIP's libs/ into project's libs/ Copyright © 2013 CommonsWare, LLC
  • 11. Integrating SQLCipher ● Step #2: Replace Import Statements – Eclipse ● ● Delete all android.database.* and android.database.sqlite.* imports Use Ctrl-Shift-O and choose the net.sqlcipher equivalents Copyright © 2013 CommonsWare, LLC
  • 12. Integrating SQLCipher ● Step #2: Replace Import Statements – Outside of Eclipse ● ● Replace all occurrences of android.database with net.sqlcipher, revert back as needed Replace all occurrences of android.database.sqlite with net.sqlcipher.database Copyright © 2013 CommonsWare, LLC
  • 13. Integrating SQLCipher ● Step #3: Supply Passphrases – SQLiteDatabase openOrCreateDatabase(), etc. – SQLiteOpenHelper getReadableDatabase() and getWritableDatabase() – Collect passphrase from user via your own UI Copyright © 2013 CommonsWare, LLC
  • 14. Integrating SQLCipher ● Step #4: Testing – Tests should work when starting with a clean install ● ● No existing unencrypted database Step #5: Beer! – Hooray, beer! Copyright © 2013 CommonsWare, LLC
  • 15. Integrating SQLCipher ● Other Integration Issues – Upgrading to encryption – Loaders ● – CWAC-LoaderEx ContentProvider ● Can work, but need to get passphrase to it before using the database (e.g., call()) Copyright © 2013 CommonsWare, LLC
  • 16. Integrating SQLCipher ● About the Bloat – 4MB base – Additional ~5MB for x86 – Additional ~3MB for ARM – Why? ● Complete independent copy of SQLite ● Static library implementation of OpenSSL ● Independent copy of ICU collation ruleset Copyright © 2013 CommonsWare, LLC
  • 17. Integrating SQLCipher ● Using For Other Sorts of Data – SharedPreferences ● ● – CWAC-Prefs has SharedPreferencesEx, allow storage in SQLite/SQLCipher for Android Downside: no preference screen support IOCipher ● Virtual filesystem, backed by SQLCipher for Android Copyright © 2013 CommonsWare, LLC
  • 18. Passphrases ● Passphrase Entry Pain – Users do not like typing long passwords – Result = weaker quality – Option: “diceware” ● ● ● Choose ~5 words from stock list Can offer scrolling lists, auto-complete to help speed data entry Downside: more annoying for accessibility Copyright © 2013 CommonsWare, LLC
  • 19. Passphrases xkcd comics reproduced under CC license from Randall Munroe, even though Hat Guy owns a $5 wrench Copyright © 2013 CommonsWare, LLC
  • 20. Passphrases xkcd comics reproduced under CC license from Randall Munroe, but BYO talking horse Copyright © 2013 CommonsWare, LLC
  • 21. Passphrases ● Multi-Factor Authentication – Passphrase generated in code from user-supplied pieces – Organization options ● ● Simple concatenation Concatenation with factor prefix, un-typeable divider characters Copyright © 2013 CommonsWare, LLC
  • 22. Passphrases ● Multi-Factor Authentication Objectives – Longer passphrase without as much user input – Help defeat casual attacks ● Need all factors to access via your UI ● Otherwise, need to brute-force Copyright © 2013 CommonsWare, LLC
  • 23. Passphrases xkcd comics reproduced under CC license from Randall Munroe. Hat Guy is not amused. Copyright © 2013 CommonsWare, LLC
  • 24. Passphrases ● Multi-Factor Authentication Sources – NFC tag – QR code – Paired Bluetooth device – Wearable device app – Biometrics (e.g., fingerprint scanner) Copyright © 2013 CommonsWare, LLC
  • 25. Summary ● Consider Encryption – ● ...even if you don't think you need it SQLCipher: Easiest Option for Encrypted Database – ...if you can live with the APK footprint Copyright © 2013 CommonsWare, LLC