Smartphone Security for Android Applications
- Lisa Hubbard
- 8 years ago
Transcription
Slide 1: Smartphone Security for Android Applications
Steven Arzt, Siegfried Rasthofer (Eric Bodden)
Secure Software Engineering Group

Slide 2: About Us
PhD students at the Secure Software Engineering Group (Eric Bodden)
- Steven Arzt
- Master in IT-Security
- Research Interests: Applied Software Security on Mobile Devices (Android Security), Static/Dynamic Code Analysis
- Siegfried Rasthofer
- Blog:
- Eric Bodden

Slide 3: About the Course
- Lab Course
- 6 Credit Points
- Teams of 1-3 Students
- Team and Topic Registration due on Friday, October 25th
- Contact us via Steven.Arzt@ec-spride.de, Siegfried.Rasthofer@ec-spride.de

Slide 4: Proposed Topics
1. Android App Obfuscator
2. Android App Deobfuscator
3. Jimple Integration into Eclipse
4. Flow-Insensitive Data Flow Analysis
5. Runtime Code Patches on Android
6. Monitoring Android Apps for Runtime Code Changes
7. DroidBase: Detailed Android App Search Engine
Own topic proposals are welcome!

Slide 5: T1: Android App Obfuscator (1)
- Make reverse engineering / code understanding harder
- Raise the bar for static and dynamic analysis tools
- Hide behavior in applications, but retain functionality
- Automatic code generation and transformation
- User selects transformations to apply, rest is fully automatic
- Plugin infrastructure for new transformations

Slide 6: T1: Android App Obfuscator (2)
Original code:

    SmsManager manager = new SmsManager();
    manager.sendTextMessage(" ", "", "Hello World", null, null);

Obfuscated code:

    // Decodes to "SmsManager": every character is shifted back by one,
    // and the characters at positions 0 and 3 are upper-cased first.
    String rawname = "tntnbobhfs";
    String classname = "";
    for (char c : rawname.toCharArray()) {
        if (classname.length() == 0 || classname.length() == 3)
            c = Character.toUpperCase(c);
        classname += Character.toString((char) (c - 1));
    }
    // Class and method are looked up by name at runtime via reflection.
    Class c = Class.forName("android.telephony." + classname);
    Method m = c.getMethod("sendTextMessage", String.class, String.class,
            String.class, PendingIntent.class, PendingIntent.class);
    Object mgr = c.newInstance();
    m.invoke(mgr, " ", "", "Hello World", null, null);

Transformations labelled on the slide: Change Class Name, Change Method Name, Maybe encrypt, Add Unused Computation, Obfuscate constants

Slide 7: T1: Android App Obfuscator (3)

    TelephonyManager telephonyManager =
            (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
    String imei = obfuscate(telephonyManager.getDeviceId());
    Log.i("INFO", imei);

    // Maps each digit of the IMEI to a letter ('0' -> 'a', ..., '9' -> 'j').
    private String obfuscate(String imei) {
        String result = "";
        for (char c : imei.toCharArray()) {
            switch (c) {
                case '0' : result += 'a'; break;
                case '1' : result += 'b'; break;
                case '2' : result += 'c'; break;
                case '3' : result += 'd'; break;
                case '4' : result += 'e'; break;
                case '5' : result += 'f'; break;
                case '6' : result += 'g'; break;
                case '7' : result += 'h'; break;
                case '8' : result += 'i'; break;
                case '9' : result += 'j'; break;
                default : System.err.println("Problem in obfuscate for character: " + c);
            }
        }
        return result;
    }

Slide 8: T1: Android App Obfuscator (4)
Many more ideas:
- Control flow obfuscation using GOTOs
- Exploit virtual dispatch / override semantics, reflection/invokedynamic?
- Distribute data across instance / static fields, parameters,
- Generate / decrypt and execute code at runtime
- Generate constants using runtime information
- Dynamic analysis tool and debugger detection
Be creative with own ideas! Related work will be provided!

Slide 9: T2: Android App Deobfuscator
- Detect and remove obfuscations where possible
- Remap simple reflective calls to targets
- Simulate app execution and generate new code
- Detect fishy code in applications

Slide 10: T3: Jimple Integration into Eclipse (1)

Slide 11: T3: Jimple Integration into Eclipse (2)
What is Jimple?
- Java but Simple
- Used as intermediate representation for Java/Android Source and Bytecode
- Three-operand language
- No invocation stacks
- Only few opcodes

    public void <init>()
    {
        de.ecspride.rv2013 $r0;
        android.telephony.SmsManager $r1;

        $r0 := @this: de.ecspride.rv2013;
        specialinvoke $r0.<android.app.Activity: void <init>()>();
        $r1 = staticinvoke <android.telephony.SmsManager: android.telephony.SmsManager getDefault()>();
        $r0.<de.ecspride.rv2013: android.telephony.SmsManager smsmanager> = $r1;
        return;
    }

Slide 12: T3: Jimple Integration into Eclipse (3)
- Build on existing Soot plugin
- Code highlighting and syntax checking
- Open declaration
- Type hierarchy
- Search for references
- Refactorings, especially variable and method renaming
- Integration into Eclipse's project model
- Decompile APK to Jimple
- Compile Jimple to APK

Slide 13: T4: Flow-Insensitive Data Flow Analysis (1)
Follow the flow of data through the program:

    TelephonyManager mgr = (TelephonyManager) this.getSystemService(TELEPHONY_SERVICE);
    SmsManager sms = SmsManager.getDefault();
    String imei = mgr.getDeviceId();
    imei = "";
    sms.sendTextMessage(" ", null, imei, null, null);

- Flow sensitivity is precise, but may be costly
- Use flow-insensitive pre-analysis
- Flow-insensitive analyses are an over-approximation

Slide 14: T4: Flow-Insensitive Data Flow Analysis (2)
- FlowDroid: Highly precise taint analysis
- Mostly fast
- Still quite (time & memory) expensive in some cases
- Efficient detection of goodware
- No precise analysis necessary
Reference: Highly Precise Taint Analysis for Android Applications. Christian Fritz, Steven Arzt, Siegfried Rasthofer, Eric Bodden, Alexandre Bartel, Jacques Klein, Yves le Traon, Damien Octeau and Patrick McDaniel

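The T4 snippet and the pre-analysis idea from the two slides above, worked through on a toy straight-line IR. This is an added example, not code from the slides and not FlowDroid's or Soot's implementation; the `Stmt` type, the statement kinds and all function names are assumptions made for illustration, and Python is used only to keep the sketch short.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Stmt:
    """One statement of a toy straight-line IR (constructed for this example)."""
    kind: str         # "source" | "clean" | "copy" | "sink"
    target: str = ""  # variable written ("" for sinks)
    arg: str = ""     # variable read (copies and sinks only)
    line: int = 0


def flow_sensitive(program):
    """Walk statements in order; an overwrite removes taint (strong update)."""
    tainted, leaks = set(), []
    for s in program:
        if s.kind == "source":
            tainted.add(s.target)
        elif s.kind == "clean":
            tainted.discard(s.target)
        elif s.kind == "copy":
            if s.arg in tainted:
                tainted.add(s.target)
            else:
                tainted.discard(s.target)
        elif s.kind == "sink" and s.arg in tainted:
            leaks.append(s.line)
    return leaks


def flow_insensitive(program):
    """Ignore statement order: once a variable is tainted anywhere, it stays
    tainted everywhere. Cheap, and a superset of the flow-sensitive result."""
    tainted = {s.target for s in program if s.kind == "source"}
    changed = True
    while changed:  # propagate through copies until nothing new is added
        changed = False
        for s in program:
            if s.kind == "copy" and s.arg in tainted and s.target not in tainted:
                tainted.add(s.target)
                changed = True
    return [s.line for s in program if s.kind == "sink" and s.arg in tainted]


def analyse(program):
    """Pre-analysis pipeline: run the precise analysis only when the cheap
    one reports a candidate leak; otherwise the app is cleared immediately."""
    if not flow_insensitive(program):
        return {"precise_run": False, "leaks": []}
    return {"precise_run": True, "leaks": flow_sensitive(program)}


# The slide's snippet: the IMEI is read, then overwritten before the SMS call.
SLIDE_PROGRAM = [
    Stmt("clean", "mgr", line=1),    # mgr = getSystemService(...)
    Stmt("clean", "sms", line=2),    # sms = SmsManager.getDefault()
    Stmt("source", "imei", line=3),  # imei = mgr.getDeviceId()
    Stmt("clean", "imei", line=4),   # imei = ""
    Stmt("sink", arg="imei", line=5),  # sms.sendTextMessage(..., imei, ...)
]

# Constructed variant without the overwrite: a real leak.
LEAKY_PROGRAM = [
    Stmt("clean", "mgr", line=1),
    Stmt("clean", "sms", line=2),
    Stmt("source", "imei", line=3),
    Stmt("sink", arg="imei", line=4),
]

# Constructed variant that copies the variable before it is ever tainted.
COPY_BEFORE_SOURCE = [
    Stmt("copy", "alias", "imei", line=1),
    Stmt("source", "imei", line=2),
    Stmt("sink", arg="alias", line=3),
]

# Constructed benign app: no sensitive source at all.
BENIGN_PROGRAM = [
    Stmt("clean", "msg", line=1),
    Stmt("sink", arg="msg", line=2),
]

if __name__ == "__main__":
    for name, prog in [("slide", SLIDE_PROGRAM), ("leaky", LEAKY_PROGRAM),
                       ("copy-before-source", COPY_BEFORE_SOURCE),
                       ("benign", BENIGN_PROGRAM)]:
        print(name, "insensitive:", flow_insensitive(prog),
              "sensitive:", flow_sensitive(prog), "pipeline:", analyse(prog))
```

On the slide's snippet the flow-insensitive pass flags line 5 although the IMEI was overwritten on line 4, which is the over-approximation the slide refers to; on the benign program it reports nothing, so the precise pass is never started.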

Slide 15: T5: Runtime Code Patches on Android (1)
Custom App Loader

Slide 16: T5: Runtime Code Patches on Android (2)
1. Custom loader spawns new Dalvik VM for app
2. Loader modifies Dalvik data structures to change app
   - Rewrite app in memory
   - Completely replace app in memory
3. Loader monitors Dalvik structures for policy enforcement

Slide 17: T6: Monitoring for Apps Runtime Code Changes
Protect Dalvik data structures against manipulation
Ideas:
- Use a monitoring loader that gets loaded first
- Periodically poll and compare against checksum
- Place native code inside the app into a sandbox
- Intercept memory accesses to protected locations

Slide 18: T7: DroidBase: Detailed Android App Search Engine (1)
only name search

Slide 19: T7: DroidBase: Detailed Android App Search Engine (2)

Slide 20: T7: DroidBase: Detailed Android App Search Engine (3)
Why?
- Easily search for specific type of Android app
- Base for nice statistics
- How many apps have aggressive ads?
- What kind of apps do specific developers develop?
- How many apps include native code/reflections/JavaScript?
Interesting for researchers
download mechanism
- Easy detection of apps with known vulnerabilities

Slide 21: Lab Grading
- Well-documented code 60%
- Final presentation 20%
- Test cases 20%

Slide 22: Proposed Topics
1. Android App Obfuscator
2. Android App Deobfuscator
3. Jimple Integration into Eclipse
4. Flow-Insensitive Data Flow Analysis
5. Runtime Code Patches on Android
6. Monitoring Android Apps for Runtime Code Changes
7. DroidBase: Detailed Android App Search Engine
Own topic proposals are welcome!

Slide 23: Team and Topic Registration due on Friday, October 25th
Steven Arzt and Siegfried Rasthofer
Secure Software Engineering Group (EC-SPRIDE)
Blog:
Website:
More informationMobile Application Security and Penetration Testing Syllabus
Mobile Application Security and Penetration Testing Syllabus Mobile Devices Overview 1.1. Mobile Platforms 1.1.1.Android 1.1.2.iOS 1.2. Why Mobile Security 1.3. Taxonomy of Security Threats 1.3.1.OWASP
More informationChapter 2 Getting Started
Welcome to Android Chapter 2 Getting Started Android SDK contains: API Libraries Developer Tools Documentation Sample Code Best development environment is Eclipse with the Android Developer Tool (ADT)
More informationIntroduction to Android
Introduction to Android 26 October 2015 Lecture 1 26 October 2015 SE 435: Development in the Android Environment 1 Topics for Today What is Android? Terminology and Technical Terms Ownership, Distribution,
More informationUser Manual. Gold Lock 3G Military Grade Encryption For Android OS 2.1 and Later
User Manual Gold Lock 3G Military Grade Encryption For Android OS 2.1 and Later 1 Table of Contents 1. Security Warnings...3 2. Installation...3 3. Configuration...4 4. Usage...5 2 Security Warnings -
More informationMobile Application Security: Who, How and Why
Mobile Application Security: Who, How and Why Presented by: Mike Park Managing Security Consultant Trustwave SpiderLabs Who Am I Mike Park Managing Consultant, Application Security Services, Trustwave
More informationPentesting Android Apps. Sneha Rajguru (@Sneharajguru)
Pentesting Android Apps Sneha Rajguru (@Sneharajguru) About Me Penetration Tester Web, Mobile and Infrastructure applications, Secure coding ( part time do secure code analysis), CTF challenge writer (at
More informationIntroduction to Java
Introduction to Java The HelloWorld program Primitive data types Assignment and arithmetic operations User input Conditional statements Looping Arrays CSA0011 Matthew Xuereb 2008 1 Java Overview A high
More informationA proposal to realize the provision of secure Android applications - ADMS: an application development and management system -
2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing A proposal to realize the provision of secure Android applications - ADMS: an application development
More informationStoring Encrypted Plain Text Files Using Google Android
Storing Encrypted Plain Text Files Using Google Android Abstract Jared Hatfield University of Louisville Google Android is an open source operating system that is available on a wide variety of smart phones
More information