Disclaimer
Everything shown is to be used for educational purposes only. All information exposed in this presentation has the goal to teach you the techniques used by hackers in order to avoid their attacks. Please make sure, before analyzing applications, that you have the approval of the owner/author of the applications you are analyzing. Hacking is a crime and I am not responsible for the way you use it!
Overview
- Overview of the Android Framework
- Manifest Security
- Reverse Engineering of .APK
- SQL/Shared Preferences Injections
- Play Store Payment Hacking
Android Framework
- Kind of UNIX sandboxing
- IPC for Inter-App Communication
- Endpoints
- Configuration and Security in AndroidManifest.xml
Android Framework
- Each Application has its own Username and Memory Space
- One App cannot access Resources of another App (almost)
- Android Permission Enforcement
Android Framework
[Diagram: Application 1 and Application 2 each have their own private shared_prefs, files, cache and database directories]
Android Manifest
Source: https://source.android.com/devices/tech/security/overview/app-security.html
Source: http://qz.com/131436/contrary-to-what-youve-heard-android-is-almost-impenetrable-to-malware/
Conclusion about Android Security
- Android is Secure, Users are not
- Android's Security is to Protect the System, not your Data or Application
- Security can easily be Bypassed by Users: Unknown Sources, Rooting, etc.
Manifest Security
- All Activities, Services, Broadcasts can be exported; Default below API 17 is exported=true
- Intents to other Applications do not Require Permissions
- Manifest can always be read, Without Root
Secure your Manifest
- Make Sure only Desired Things are Exported
- Logic to Verify Intents and State, e.g. Logged In State
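The two manifest rules above (export only what must be reachable, and require a permission on what is) as an added example; this is not a manifest from the talk, and the package name, component names and permission name are hypothetical. The weak form is shown commented out next to the corrected one.

```xml
<!-- Hypothetical package and component names; the pattern is the same for any app. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">

    <!-- Signature-level permission: only apps signed with the same key as ours can hold it. -->
    <permission
        android:name="com.example.app.permission.INTERNAL"
        android:protectionLevel="signature" />

    <application android:label="Example">

        <!-- Entry point: must be exported so the launcher can start it. -->
        <activity android:name=".MainActivity" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <!-- Weak: an intent-filter makes the activity implicitly exported, and a provider
             without android:exported is exported by default below API 17, so any app on
             the device can start the activity or query the provider.
        <activity android:name=".SettingsActivity">
            <intent-filter>
                <action android:name="com.example.app.OPEN_SETTINGS" />
            </intent-filter>
        </activity>
        <provider android:name=".NotesProvider" android:authorities="com.example.app.notes" />
        -->

        <!-- Fixed: internal components are explicitly not exported ... -->
        <activity android:name=".SettingsActivity" android:exported="false" />
        <provider
            android:name=".NotesProvider"
            android:authorities="com.example.app.notes"
            android:exported="false" />

        <!-- ... and the one service other apps signed with our key may use requires
             the signature permission declared above. -->
        <service
            android:name=".SyncService"
            android:exported="true"
            android:permission="com.example.app.permission.INTERNAL">
            <intent-filter>
                <action android:name="com.example.app.SYNC" />
            </intent-filter>
        </service>
    </application>
</manifest>
```

Setting android:exported explicitly on every component, rather than relying on the defaults, is the simplest way to make the manifest review from the previous slide mechanical: anything with exported="true" needs either a permission attribute or a written justification.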
Reverse Engineering APKs
- APKs are just containers like .jar or .zip
- Tons of Decompile Tools: apktool, dex2jar, etc.
Reverse Engineering APKs
- Use Proguard (Obfuscation)
- Do not handle Sensitive Stuff inside your Application Code; keep your Clients dumb
SQL/Shared Prefs Injection
- Do not handle Sensitive Stuff inside your Application Code; keep your Clients dumb
- Do not Persist Sensitive Data
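The SQL injection case from this section as an added example (not code from the talk): a local SQLite query built by string concatenation next to the same query with bound parameters. The notes table, its columns and the NotesStore class are assumptions made for the illustration; the android.database.sqlite calls are the platform's own.

```java
import android.content.Context;
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;

/** Hypothetical notes store; table and column names are assumptions for this example. */
public class NotesStore extends SQLiteOpenHelper {

    public NotesStore(Context ctx) {
        super(ctx, "notes.db", null, 1);
    }

    @Override
    public void onCreate(SQLiteDatabase db) {
        db.execSQL("CREATE TABLE notes (_id INTEGER PRIMARY KEY, owner TEXT, title TEXT, body TEXT)");
    }

    @Override
    public void onUpgrade(SQLiteDatabase db, int oldVersion, int newVersion) {
        // No migrations in this example.
    }

    /**
     * Vulnerable: the caller-supplied term becomes part of the SQL text, so a term
     * containing a quote changes the statement. If this query backs an exported
     * ContentProvider, every app on the device can reach it with arbitrary input.
     */
    public Cursor searchUnsafe(SQLiteDatabase db, String owner, String term) {
        return db.rawQuery("SELECT title, body FROM notes WHERE owner = '" + owner
                + "' AND title LIKE '%" + term + "%'", null);
    }

    /**
     * Fixed: the SQL text is constant and the values travel as bound parameters
     * (the ? placeholders), so SQLite never parses them as SQL. The LIKE wildcards
     * are added to the bound value, not to the statement.
     */
    public Cursor searchSafe(SQLiteDatabase db, String owner, String term) {
        return db.query(
                "notes",
                new String[] {"title", "body"},
                "owner = ? AND title LIKE ?",
                new String[] {owner, "%" + term + "%"},
                null,   // groupBy
                null,   // having
                "title" // orderBy
        );
    }
}
```

The same binding rule applies to rawQuery: pass the values in its selectionArgs array instead of concatenating them. Together with the slide's advice, the database should then hold nothing sensitive enough to matter if it is read anyway, since the file sits in the app's private data directory and is readable on a rooted device.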
Billing Services
- Do not let your Client Verify Purchases; Only Pull Balance
- Complete Checkout/Grant Process Should be handled by your API
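The server-side grant process described above as an added example (not code from the talk): the client only forwards the purchase data and signature it received from Google Play, and the API verifies the RSA-SHA1 signature with the app's licensing public key, rejects replayed order ids and wrong products, and only then credits the account. The PurchaseVerifier class, the product id, the in-memory set of granted orders and the purchase JSON are assumptions; the main() method generates a throwaway RSA key pair as a stand-in for Google's signing key so the demo runs offline.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical server-side verifier; runs in your API, never in the app. */
public class PurchaseVerifier {
    private final PublicKey playPublicKey;
    // Orders already credited; in production this lives in your database, not in memory.
    private final Set<String> grantedOrders = new HashSet<>();

    /** base64PublicKey is the Base64 X.509 licensing key from the Play developer console. */
    public PurchaseVerifier(String base64PublicKey) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(base64PublicKey);
        this.playPublicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    /** True only if the signature over purchaseData verifies under the Play key. */
    public boolean signatureIsValid(String purchaseData, String base64Signature)
            throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initVerify(playPublicKey);
        sig.update(purchaseData.getBytes(StandardCharsets.UTF_8));
        return sig.verify(Base64.getDecoder().decode(base64Signature));
    }

    /** Verify, check product and state, reject replays, then credit the user. */
    public synchronized boolean grantPurchase(String userId, String purchaseData, String base64Signature)
            throws GeneralSecurityException {
        if (!signatureIsValid(purchaseData, base64Signature)) return false;
        String orderId = jsonField(purchaseData, "orderId");
        String productId = jsonField(purchaseData, "productId");
        if (orderId == null || !"premium_upgrade".equals(productId)) return false;
        if (!purchaseData.contains("\"purchaseState\":0")) return false; // 0 = purchased
        if (!grantedOrders.add(orderId)) return false;                  // already credited: replay
        // Credit userId in your own database here; the client later only pulls its balance.
        return true;
    }

    /** Minimal string-field extraction from flat JSON; use a real JSON parser in production. */
    static String jsonField(String json, String name) {
        String key = "\"" + name + "\":\"";
        int i = json.indexOf(key);
        if (i < 0) return null;
        int start = i + key.length();
        int end = json.indexOf('"', start);
        return end < 0 ? null : json.substring(start, end);
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for Google's key pair so the demo is self-contained.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        String base64PublicKey = Base64.getEncoder().encodeToString(kp.getPublic().getEncoded());

        // Constructed purchase JSON in the shape of Play's INAPP_PURCHASE_DATA; the orderId is made up.
        String purchaseData = "{\"orderId\":\"ORDER-0001-constructed\",\"packageName\":\"com.example.app\","
                + "\"productId\":\"premium_upgrade\",\"purchaseState\":0}";
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(purchaseData.getBytes(StandardCharsets.UTF_8));
        String signature = Base64.getEncoder().encodeToString(signer.sign());

        PurchaseVerifier v = new PurchaseVerifier(base64PublicKey);
        System.out.println("first grant: " + v.grantPurchase("user42", purchaseData, signature));
        System.out.println("replay:      " + v.grantPurchase("user42", purchaseData, signature));
        String tampered = purchaseData.replace("premium_upgrade", "premium_upgrade_lifetime");
        System.out.println("tampered:    " + v.grantPurchase("user42", tampered, signature));
    }
}
```

The point of keeping the key and the grant logic on the server is that nothing the decompiled client contains (product ids, "isPremium" flags, a copy of the public key) lets someone credit themselves: the signature check, the replay check and the credit all happen where the attacker cannot edit the code.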