Droidcon India 2014

Droidcon India’s fourth edition

Android App (Vulner)ability

Submitted by Subho Halder (@sunnyrockzzs) on Wednesday, 22 October 2014

Technical level

Intermediate

Section

Security – full talks

Status

Submitted

Total votes:  +4

Objective

Most recently, a lot of established companies like Snapchat, Starbucks, Target, Home Depot, etc. have been through a PR disaster. Do you know why? Simply because some attacker out there found a flaw and could exploit it.

The fact is that nobody really thinks about mobile security or data privacy when buying a coffee at Starbucks or while playing Angry Birds. In the rare case that someone does think about security, consumers always believe that the developers have taken care of it. They think that the app is from a reputable company, so what could possibly go wrong?

This is why it is important for companies and developers to be more proactive rather than reactive when it comes to mobile application security. It is important to retain consumer trust if you want to stay in this game for long.

While there are numerous things to look for under security, I will be talking to developers who can address these issues when building apps.

Description

Gartner said on Sunday that in 2015, the majority of mobile applications - whether in the Android, iOS or Windows Phone ecosystems - will not have basic business-acceptable security protocols in place. Part of the issue with mobile app security is that employees download apps that access enterprise assets or perform business functions, but the security of the apps is not adequate to protect against attacks or meet the security requirements set out by company policy.

While there are numerous reasons behind mobile applications failing to achieve even the basic level of security, the research shows that 75 percent of mobile security breaches through 2017 will be caused by mobile application misconfigurations, “rather than the outcome of deeply technical attacks on mobile devices.”

This is why it is important for companies and developers to be more proactive rather than reactive when it comes to mobile application security. It is important to retain consumer trust if you want to stay in this game for long.

Speaker bio

Subho Halder (@sunnyrockzzs) is the co-founder of Appknox by XYSec Labs, where he focusses on Android security research, product development and iOS app pentesting. He also enjoys giving talks and trainings on Android and iOS exploitation at international conferences. His main areas of expertise include Android malware analysis and reversing, writing automated security tools, and Android app pentesting.

Links

Slides

http://www.slideshare.net/subho0071/has-geek-41193248
