All Your Code Belongs To Us: Dismantling Android Secrets With CodeInspect
Steven Arzt, Secure Software Engineering Group

4 #whoami
- 3rd year PhD student at TU Darmstadt
- Researcher in the Secure Software Engineering Group (group lead: Eric Bodden)
- Main interests: static code analysis, smartphone security
- Maintainer of Soot and FlowDroid
- sseblog.ec-spride.de

6 Android Distribution Process
- Developer (source code): create, modify, debug, inspect, understand
- User (binary code): run the app

7 Is this really true? HOW EASY IS IT TO DISMANTLE YOUR APP?

8 Android App Piracy
"How to secure my app against piracy": I am developing an Android app and I am planning to publish it (paid app). I have heard that it is very easy to pirate Android apps (much easier than iPhone). I was wondering, from your experience or what you know, how can I increase the security of my app? I know that I can never get it 100% secured, but I want to make it harder for people to pirate it or distribute it illegally. Any ideas, experiences, comments you can share? That will be greatly appreciated.
Source: stackoverflow.com

9 Android App Piracy
"Android Still Has A Massive Piracy Problem": Ustwo Games, the developer behind the wildly popular mobile game Monument Valley, revealed in a series of tweets that only 5% of all Android installs of its game were paid for. In 2012, Gamasutra reported that piracy for a game called Shadowgun reached 90% on Android; a year later, developer Butterscotch Shenanigans reported that 95% of the 34,091 Android installs of its first game were unofficial.
Source: uk.businessinsider.com

10 Android App Piracy
"Piracy On Android: How Bad Is It Really?": In other words, Android users want things for free and are clever enough to know how to get those things for free. While there are a few steps that can be taken to make the cracking process less convenient, a determined pirate will be able to break through any kind of app protection if given enough time.
Source: makeuseof.com

11 CodeInspect
A new Binary Analysis Framework for Android and Java Bytecode

12 Android Distribution Process
- Developer (source code): create, modify, debug, inspect, understand
- User (binary code): create, modify, debug, inspect, understand

13 Why? vs

14 Android Distribution Process
- Fraudster
- Investigator

15 CodeInspect
A new Binary Analysis Framework for Android and Java Bytecode
Debug. Understand. Manipulate. Without the source code.

16 CodeInspect

17 CodeInspect (screenshot labels: Packages and Classes; Jimple Code; Manifest File; Assets)

18 (screenshot labels: Code Outline; Jimple Code)

19 (screenshot labels: Jimple Code; Code Outline; Syntax Errors; Logcat Output; Search Results)
Looks and feels just like Eclipse!

20 (screenshot labels: Stack Trace; Variables; Jimple Code; Code Outline; Logcat; Console)

21 CodeInspect
- Based on Eclipse RCP
- Work as you would on source code in Eclipse
- Navigate through the code
- Add, change, and remove code
- Inject arbitrary Java code
- Start and debug your app
- Inspect and change runtime values

22 How does it work? ARCHITECTURE

23 CodeInspect Architecture

24 CodeInspect Architecture
- Input / Output: .dex, .java, .jimple, .class, .apk
- Callgraphs
- Control flow graphs
- Algorithms for compiler construction
- Code manipulation
- Code synthesis

25 The Jimple IR
- Between Dalvik / Java bytecode and Java source code
- Jimple: Java, but simple
- Originally optimized for static analyses

26 The Jimple IR
    // Method declaration
    public void foo() {
        // Variable declarations
        byte[] $arrbyte;
        int $int;
        java.io.File $File;
        java.io.InputStream $InputStream;
        java.io.FileOutputStream $FileOutputStream;

        // Implementation (excerpt: the slide does not show where
        // $FileOutputStream is allocated or where $InputStream is assigned)
        specialinvoke this.<android.app.Service: void onCreate()>();
        $File = new java.io.File;
        specialinvoke $File.<java.io.File: void <init>(java.lang.String)>("/sdcard/test.apk");
        specialinvoke $FileOutputStream.<java.io.FileOutputStream: void <init>(java.io.File)>($File);
        $arrbyte = newarray (byte)[1024];
        $int = virtualinvoke $InputStream.<java.io.InputStream: int read(byte[])>($arrbyte);
    }

30 CodeInspect in Action: CASE STUDIES

31 CodeInspect: Malware analysis
- Debug malware
- Find backend credentials
- Remove anti-analysis checks
- > infected phones

32 The BadAccents Malware

33 CodeInspect in Action: LIVE DEMO

34 CodeInspect: Software development
- Inspect libraries
- Look for security vulnerabilities
- Understand exceptions and problems
- See what happens under the hood

35 CodeInspect: Don't be evil
- Remove license checks
- Reverse-engineer competitor apps
- Steal intellectual property
Copyright laws apply!

36 What does this all mean? CONSEQUENCES FOR DEVELOPERS

37 Consequences for Developers
- All apps are open-source
- Never hide secrets inside the app code
  - Backend credentials
  - Encryption keys
- Piggybacking malware is simple
- Cracking apps is simple

38 Consequences for Developers
- Backend-as-a-Service study
- Will be presented at Blackhat Europe in Amsterdam
- 18,670,00 records
- 56,000,000 data items
  - addresses
  - Health records
  - Employee databases
  - Customer databases
  - Server backups
  - Voice records
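
A pre-release check for the "never hide secrets inside the app code" rule on slide 37, written for this transcript as an added example (it is not part of the talk or of CodeInspect). It treats the APK as the ZIP archive it is and searches every entry for secret-shaped byte strings; the rule set, the function names and the sample APK contents are constructed for illustration.

```python
import io
import re
import zipfile
from typing import NamedTuple

# Illustrative heuristics only (an assumption of this example, not a complete rule set).
PATTERNS = {
    "aws-access-key-id": re.compile(rb"AKIA[0-9A-Z]{16}(?![0-9A-Z])"),
    "pem-private-key": re.compile(rb"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "credential-assignment": re.compile(
        rb"(?i)\b(?:password|passwd|secret|api[_-]?key)\s*[=:]\s*[^\s\"']{6,}"),
    "url-with-credentials": re.compile(
        rb"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:[^\s/@]+@[^\s/]+"),
}

# Skip absurdly large entries so a crafted archive cannot exhaust memory.
MAX_ENTRY_BYTES = 64 * 1024 * 1024


class Finding(NamedTuple):
    entry: str    # file inside the APK (classes.dex, assets/..., res/...)
    rule: str     # name of the pattern that matched
    preview: str  # redacted match, safe to paste into a ticket


def redact(match: bytes) -> str:
    """Keep only the first four characters so reports do not leak the secret."""
    text = match.decode("ascii", "replace")
    return f"{text[:4]}...({len(text)} chars)"


def scan_apk(apk_bytes: bytes) -> list:
    """Return sorted, de-duplicated findings for every entry of the archive."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or info.file_size > MAX_ENTRY_BYTES:
                continue
            data = apk.read(info)
            for rule, pattern in PATTERNS.items():
                for m in pattern.finditer(data):
                    findings.add(Finding(info.filename, rule, redact(m.group(0))))
    return sorted(findings)


def build_sample_apk() -> bytes:
    """Constructed sample: a ZIP shaped like an APK, with fake secrets embedded."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("AndroidManifest.xml", b"<manifest package='com.example.demo'/>")
        # Not a valid dex file; only the string constant matters for the scan.
        apk.writestr("classes.dex",
                     b"dex\n035\x00" + b"\x00" * 32 + b"\x14AKIACONSTRUCTED0KEY1\x00")
        apk.writestr("assets/config.properties",
                     b"backend.url=https://api.example.invalid\n"
                     b"api_key=constructed-demo-value-123\n"
                     b"db=postgres://app:constructed-pw@db.example.invalid/prod\n")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_apk(build_sample_apk()):
        print(f"{f.entry}: {f.rule}: {f.preview}")
```

A clean result from a scan like this only means no secret is stored in plain form; per the countermeasures slide, an encrypted constant is still recoverable at run time, so the fix is to keep the secret on the server side.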

39 Countermeasures
- String encryption: use the debugger, get de-obfuscated result
- Code encryption: use debugger to get the code as it is about to be loaded
- Hide calls in reflection: use debugger to step into right target method
- Debugger detection: patch the code to remove the check

40 Extending CodeInspect: THE PLUG-IN SYSTEM

41 Data Flow Analysis Plugin
- Which data is read?
- What happens with the data?
- Where is the data sent to?

42 Data Flow Analysis Plugin (screenshot labels: Sink; Source)

43 Data Flow Analysis Plugin (screenshot labels: Jimple Code; Propagation Path; Data Flows)

44 Data Flow Analysis Plugin (screenshot label: Data Flows)

45 Data Flow Analysis Plugin (screenshot label: Propagation Path)

46 Data Flow Analysis Plugin (screenshot label: Jimple Code)
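
The three questions on slide 41 (which data is read, what happens to it, where is it sent) are what a source-to-sink taint analysis answers. The following is an added example for this transcript, not code from CodeInspect, FlowDroid or the talk: a forward taint tracker over straight-line, simplified Jimple-style statements that reports each flow with its propagation path. Assumptions: locals start with `$` as on slide 26, there is no branching, the source and sink lists are chosen for illustration, and the sample method is constructed.

```python
import re
from typing import NamedTuple

# Signatures in the <Class: returnType name(params)> form used by Jimple.
GET_DEVICE_ID = "<android.telephony.TelephonyManager: java.lang.String getDeviceId()>"
SEND_SMS = ("<android.telephony.SmsManager: void sendTextMessage(java.lang.String,"
            "java.lang.String,java.lang.String,android.app.PendingIntent,"
            "android.app.PendingIntent)>")
LOG_D = "<android.util.Log: int d(java.lang.String,java.lang.String)>"
CONCAT = "<java.lang.String: java.lang.String concat(java.lang.String)>"

SOURCES = {GET_DEVICE_ID}    # illustrative: "which data is read?"
SINKS = {SEND_SMS, LOG_D}    # illustrative: "where is the data sent to?"

ASSIGN = re.compile(r"^(?P<lhs>\$\w+)\s*=\s*(?P<rhs>.+)$")
INVOKE = re.compile(
    r"(?:(?:virtual|special|interface)invoke\s+(?P<base>\$?\w+)\.|staticinvoke\s+)"
    r"(?P<sig><[\w.$]+: [^()]*\([^()]*\)>)\((?P<args>.*)\)")
LOCAL = re.compile(r"\$\w+")
STRING = re.compile(r'"[^"]*"')


class Flow(NamedTuple):
    source: str   # signature of the source method
    sink: str     # signature of the sink method
    path: tuple   # statements that carried the value from source to sink


def locals_in(text):
    """Locals referenced in an expression, ignoring string constants."""
    return LOCAL.findall(STRING.sub("", text))


def find_flows(statements):
    taint = {}   # local -> (source signature, propagation path so far)
    flows = []
    for raw in statements:
        stmt = raw.strip().rstrip(";")
        assign = ASSIGN.match(stmt)
        lhs, rhs = (assign["lhs"], assign["rhs"]) if assign else (None, stmt)
        call = INVOKE.search(rhs)
        if call:
            args = locals_in(call["args"])
            used = ([call["base"]] if call["base"] else []) + args
            if call["sig"] in SINKS:
                for arg in args:
                    if arg in taint:
                        source, path = taint[arg]
                        flows.append(Flow(source, call["sig"], path + (stmt,)))
        else:
            used = locals_in(rhs)
        if lhs is None:
            continue
        if call and call["sig"] in SOURCES:
            taint[lhs] = (call["sig"], (stmt,))
        else:
            # Conservative rule: a result is tainted if the base or any operand is.
            tainted = [v for v in used if v in taint]
            if tainted:
                source, path = taint[tainted[0]]
                taint[lhs] = (source, path + (stmt,))
            else:
                taint.pop(lhs, None)   # overwritten with a clean value
    return flows


# Constructed sample method body (not taken from any real app).
SAMPLE = [
    f"$id = virtualinvoke $tm.{GET_DEVICE_ID}();",
    f"$msg = virtualinvoke $prefix.{CONCAT}($id);",
    '$id = "n/a";',
    f'staticinvoke {LOG_D}("demo", $id);',
    f'virtualinvoke $sms.{SEND_SMS}("+10000000000", null, $msg, null, null);',
]

if __name__ == "__main__":
    for flow in find_flows(SAMPLE):
        print("source:", flow.source)
        print("sink:  ", flow.sink)
        for step in flow.path:
            print("   ", step)
```

On the sample, the device ID reaches `sendTextMessage` through `$msg`, while the `Log.d` call is not reported because `$id` was overwritten with a constant before it.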

47 Other Planned Plugins
- Runtime value reconstruction
- Interactive callgraph and control flow visualization
- Malware analysis assistance
- (Semi-)Automatic deobfuscation
- Plugins directly from research

48 Obtaining CodeInspect
- Will be a commercial product
- Free 60 day demo license available
  - All features available
  - No restrictions on target APKs
- me

49 Steven Arzt, Secure Software Engineering Group (EC-SPRIDE)
Blog:
Website:
More informationARIZONA CTE CAREER PREPARATION STANDARDS & MEASUREMENT CRITERIA SOFTWARE DEVELOPMENT, 15.1200.40
SOFTWARE DEVELOPMENT, 15.1200.40 STANDARD 1.0 APPLY PROBLEM-SOLVING AND CRITICAL THINKING SKILLS TO INFORMATION 1.1 Describe methods of establishing priorities 1.2 Prepare a plan of work and schedule information
More informationTechnical paper review. Program visualization and explanation for novice C programmers by Matthew Heinsen Egan and Chris McDonald.
Technical paper review Program visualization and explanation for novice C programmers by Matthew Heinsen Egan and Chris McDonald Garvit Pahal Indian Institute of Technology, Kanpur October 28, 2014 Garvit
More informationDefending Behind The Device Mobile Application Risks
Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem
More informationAppUse - Android Pentest Platform Unified
AppUse - Android Pentest Platform Unified Standalone Environment AppUse is designed to be a weaponized environment for Android application penetration testing. It is a unique, free, and rich platform aimed
More informationMobile Application Hacking for ios. 3-Day Hands-On Course. Syllabus
Mobile Application Hacking for ios 3-Day Hands-On Course Syllabus Course description ios Mobile Application Hacking 3-Day Hands-On Course This course will focus on the techniques and tools for testing
More informationAndroid Developer Fundamental 1
Android Developer Fundamental 1 I. Why Learn Android? Technology for life. Deep interaction with our daily life. Mobile, Simple & Practical. Biggest user base (see statistics) Open Source, Control & Flexibility
More informationRisk-Rating Framework for Mobile Applications (Sponsored by DISA CTO)
Risk-Rating Framework for Mobile Applications (Sponsored by DISA CTO) Praveen Sharma praveen.sharma@ll.mit.edu (781-981-6709) Federal Mobile Computing Summit March 6, 2014 What is Risk-Rating Framework?
More informationAndroid Environment SDK
Part 2-a Android Environment SDK Victor Matos Cleveland State University Notes are based on: Android Developers http://developer.android.com/index.html 1 2A. Android Environment: Eclipse & ADT The Android
More informationios Application Development &
Introduction of ios Application Development & Swift Programming Language Presented by Chii Chang chang@ut.ee Outlines Basic understanding about ios App Development Development environment: Xcode IDE Foundations
More information