Just like any other software system, Android has its own list of security problems.
It is a race between hackers and Android platform developers. Some of the most qualified security professionals handle the security of the Android platform, but what about the application you are going to release to millions of users via the Play Store? Can a user “trust” your app?
If you think about it, a user of your application can be a malicious hacker who can decompile your application, get hold of your secret keys, abuse application permissions, read secret data from the phone, and cause havoc for a normal user.
As a whole, any system supports a flexible degree of collaboration between applications, where dependencies can be simple or complex.
These dependencies can be exploited through quirks and tricks to get data, passwords, and eventually own your application.
Let us think about it…
Can an innocuous-looking permission enable a hacker to read loads of private data from your phone and indirectly from your app?
Can locally saved data be accessed and used by the hacker against you?
In this talk, we will demonstrate how neglecting the Android security model enables hackers to abuse your application and gives them an opportunity to tear apart your reputation.
We will also talk about how developers can “secure” their applications using the Android secure coding guidelines.
By the end of the session, we shall have a deeper understanding of the permission model and of how to securely implement Android components so as to prevent leaks of sensitive data.