Conference: Nov 13-15, 2017
Workshops: Nov 16-17, 2017
Presentation: Exploring the Android APK
Duration
Level:
- Intermediate
Persona:
- Mobile Developer
Key Takeaways
- Learn about common vulnerabilities and mistakes developers make while developing Android applications.
- See firsthand the vulnerabilities in a working Android application.
- Hear best practices on securing Android applications.
Abstract
If you own an Android device, you’ve more than likely heard of an APK file. How easy is it to examine Android distributables and extract information from them?
Some companies assume resources, APIs and more are private within the APK, while others, aware of the risk, take part in a constant cat-and-mouse game of application security. A variety of tools have also emerged to make extracting the contents of an APK much more difficult.
In this talk we will look at the Android package and examine how we can explore it in order to extract information while looking at some of the products and tools used by both sides.
Interview
I would say a developer. I want to really talk to the guys who are building the applications since they are making some of these mistakes.
For those that aren’t mobile developers but control a team (perhaps building the server side for a mobile team), the talk will give some insight into the mobile products at their company. Hopefully, it will prompt them to ask questions on the security of the company’s mobile apps or maybe spark the thought of what they may be exposing through their mobile applications.
A lot of companies outsource their mobile applications, so they can get a product quickly. Doing that often exposes much more than they even thought was possible from their company. So I want to show people how easy it is to figure out how these applications work and then make my own requests against their system.
A lot of people have been moving towards moving core functions into the native files of their application using the Android NDK. If you do certificate pinning and all your network talk through a native library versus sitting at the Java level, then you have a lot more flexibility to prevent people from inspecting or modifying your requests, as modifying native files is a lot more difficult than changing a dex file.
I hear so much about Cloud this, Cloud that, from upper management and they just don’t know what it means and are just throwing the words around. I guess that is not even a tech, but buzzwords are probably what I think is hurting the most.