Android Security Internals
Submitted by Kartik Lalan (@kartiklalan) on Friday, 29 July 2016
Security implementation from OS level, extending till App level security, covering best practices for making applications. Focus on how Security has been implemented from OS side, how certain vulnerabilities are exploited and what mistakes do app developers do which can be exploited. This will be a hands-on session, which will involve introduction to OS from scratch and will cover advance topics which followers can easily grasp.
Patern of workshop will be initial introduction to new concepts, then implementing them and Small challenges will be offered so that participants can relate with real world scenario.
Intended for Android Developers, Team-Leads, Architects, Security Engineers.
Concepts like Keystore, Rooting Detection, MSF Shell code, Reverse Engineering app, ADB commands, App ID - Sandbox, Signing Apps, etc.
Hardware - Laptop running MAC/Linux/Windows + Rooted Android phone/Tablet or even emulator will work
Below link contains setups needed during workshop - supporting Windows/Macintosh host, same will be available for Linux over the Internet.
(Mandatory) Also make sure to have Android Studio with Virtual Device ready (refer- http://nestedif.com/android-environment-tools/creating-new-android-virtual-device-emulator-using-android-studio/ also enable virtualization from BIOS + download HAXM from AVD Manager https://www.youtube.com/watch?v=7ek1ZPqZEWw )
A Computer Science graduate, working on Android & Info-Security. I also write technical Blogs in leisure time - www.nestedif.com. M.Tech. in CS with Specialization in Information & Network Security. Prior to my M.Tech. I have been working as Android Developer. Currently working as Security Engineer at Security Centre of Excellence - Philips Innovation Campus. I am much interested in exploring out of box exploits.
Conduct Frequent talks and workshops on Android and Info.Sec at several places including OWASP - Null Bangalore Chapter.