droidconIN 2016

The sixth edition of droidconIN

Are you Repeating Mistakes made by PokemonGo Developers?

Submitted by Abhinandan Kothari (@abhinandankothari) on Wednesday, 10 August 2016

Technical level

Beginner

Section

Crisp talk (15 minutes)

Status

Submitted

Total votes:  +10

Abstract

It is not only the Pokemon-Go developers; almost everyone, including me at Gojek, has made these mistakes. In this talk I will be sharing my experience of how to implement 14 Layers of Security in your Android app to protect it from hacking/security exploits and make it harder to reverse engineer.

Intended audience: Everyone who cares about securing their Android source code.

Key Takeaways: Code snippets/live examples along with best practices (Do's and Don'ts) that I have used in GoJek engineering to implement these 14 layers.

Outline

My talk is outlined in two parts:
Story

Case-Study: PokemonGo

Case-Study: Problems we faced at GoBis (Go-Jek Driver App)

Step by step implementation of 14 Layers of Security covering Example and Code Snippets for each step

  1. Name Obfuscation
  2. String Encryption
  3. Class Obfuscation
  4. Reflection
  5. Code Obfuscation
  6. Class Encryption
  7. Assets Encryption
  8. Resource Encryption
  9. Removing Logging Code and Stacktraces
  10. Tamper Detection
  11. Network Layer Security
  12. SSL pinning
  13. GRPC
  14. Environmental Safeguard Checks

Speaker bio

Abhinandan Kothari is a Product Engineer at Gojek, currently working on the Android ecosystem. This year he spoke at Rubyconfindia 2016, Kochi, on Function Testing of Mobile Apps using Appium, and last year he spoke at Deccanrubyconf 2015, Pune, on Web Marries Ruby. He is also a scholarship student in the Android Nanodegree from Google and Udacity.

Slides

https://speakerdeck.com/abhinandan/droidconin-16
