The document discusses Android security. It begins with an introduction to Android as the fastest growing mobile OS with over 1.5 billion downloads per month. It then notes that while Android is easy to develop for, it is also easy to create malware for Android and target users' devices as well as their friends' data. The document goes on to cover important security terms, examples of famous Android malware, the Unix and Android security models, application installation and isolation techniques, and ways for developers to test the security of their Android apps.

1. Stay Hungry, Stay Foolish!
Stay Alert, Stay Safe!
Om Shanti

2. Aboutme.apk
A Student and a Learner!
Always! :P
Harsh Dattani GDG Baroda

3. We all know!
● Fastest Growing Mobile Operating System
● 1.5 billion downloads a month and growing
● Millions of Devices running this Operating
System
● Easy (Are you sure?) to Develop Applications
● Open Source!

4. What we Don’t know!
● It’s easy to create malware and target
Android.
● Even “seem like trusty” app can be
malicious.
● It’s not that our data, but friend’s data is also
important!

5. Important Security Terms!
● Assets
● Vulnerabilities
● Attack Vectors
● Threats
● Proactive Measures
● Counter Measures
● Patches
● Malware

6. Some Famous Android Malware
● Fake Opera Browser
● Fake Angry Bird Space
● Droid Dream Malware
● Blackmart
● Cracked Apks
● Battery Savers
● And More...!

7. Unix Security Policy
1. Process Isolation
2. Hardware Isolation
3. User Permission Model
4. R/W/X Permissions to file
5. Secure IPC

8. Application Installation

9. Android Security Policy
1. Application Isolation
2. Sandbox of Application
3. Secure Communication
4. Signing the Application
5. Permission model of Application

10. Virtualization

11. Application Isolation
● Each application has own GID/UID.
● System apps also have own GID/UID.
● Based on UNIX Security Model.

12. Permission Policy (Default)
● No app can Write other app data.
● But can Read data, with due permission
● Connect to network
● Cannot Use Peripherals
● Cannot Use System APIs to Read/Send
SMS, Call..
● Cannot Load App on System Start

13. Darwin’s Theory!

14. Dalvik → ART

15. 1.0 → 6.0

16. Less Secure → More Less Secure

17. Some Steps!
1. Select popular application.
2. Reverse Engineer it.
a. Dex2jar
b. Apktool
c. Smali/Baksmali and many more..
3. Inject malicious code.
4. Distribute the app. (With new Certi)

18. Root?

19. But it’s not Free!

20. Dangers of Root!
● Isolation is gone!
● We have unknown code (Custom ROM)
● Permission Exploits
● Privacy! (Major)

21. Exploitation Frameworks
● AFE
● Santoku
● MSFvemon
● Androguard
● APKTool
● Dex2Jar

22. Security Checklist?

23. JQuery?