8. Android
• What are the security principles of Android?
– POSIX based (Linux)
– User IDs and File Access
– Permissions
– Application signing (identifies developer)
– Sandboxing (application isolation)
9. Android
• Implications of rooting your device?
– You can modify the Operating System
– You can replace all applications
– Access all application data
– Grant/revoke permissions
– Send data to and from the phone
• Others (malicious software?) can do the same!*
11. We’ll make an app that…
• Steals Facebook login from bona fide apps
– Draw Something Free
– Hootsuite
– Facebook Marketplace (Oodle)
– Soundhound
– LauncherPro
– Sleepy Jack
– Airport City, Diamonds Blaze and others by Game Insight
16. Freek Kauffmann (freek.kauffmann@itq.nl), Paul Lammertsma (paul@pixplicity.com)
Editor's notes
ZSC speakers / speakersonly
2: We’ll be installing an app outside of Google Play (because we’re building it from source!); don’t forget to restore the setting after the workshop.
Since then, all kinds of apps – from fun to impossible.
Repudo – playful app – KLM Wereldweken, unique song by Anouk, free Android phone.
Smart calls – example of the impossible.
Slechte Dekking – Android's muscle.
*) although most rooting methods install Superuser, an app that shows a permission prompt when a `su` command executes
David Poll (Parse.com): “Logcat is not a safe place to put sensitive data, but it's easy to mistakenly assume that only developers will see this.”
Audience: test any app that uses Facebook to log in (i.e. Facebook app)
Copy the link, don’t visit it! Don’t forget it’s ‘https’. Don’t forget the ‘.git’ at the end. Mind the capitalization.
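The Logcat warning in the notes above can be turned into a check when testing your own app's logging. The following is an added example, not part of the workshop materials: it scans `adb logcat -v threadtime` output for credential-like key/value pairs, reports which tag and PID logged them, and redacts the values. The key names in `SECRET_RE` and the sample log lines are constructed assumptions.

```python
import re

# `adb logcat -v threadtime` layout: date time PID TID level tag: message
LINE_RE = re.compile(
    r"^\d\d-\d\d\s+[\d:.]+\s+(?P<pid>\d+)\s+\d+\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:]*?)\s*:\s(?P<msg>.*)$"
)
# Assumed list of sensitive key names; extend it for the app under test.
SECRET_RE = re.compile(
    r"\b(?P<key>access_token|refresh_token|password|passwd|secret)"
    r"(?P<sep>\"?\s*[=:]\s*\"?)(?P<value>[^\s\"&,;}]+)",
    re.IGNORECASE,
)

def scan(lines):
    """Return (findings, redacted_lines) for an iterable of logcat lines."""
    findings, redacted = [], []
    for number, line in enumerate(lines, 1):
        header = LINE_RE.match(line)
        message = header.group("msg") if header else line
        for hit in SECRET_RE.finditer(message):
            findings.append({
                "line": number,
                "pid": int(header.group("pid")) if header else None,
                "tag": header.group("tag") if header else None,
                "key": hit.group("key").lower(),
                "length": len(hit.group("value")),  # never store the value itself
            })
        redacted.append(SECRET_RE.sub(
            lambda h: h.group("key") + h.group("sep") + "[REDACTED]", line))
    return findings, redacted

# Constructed sample lines (not captured from any real app).
SAMPLE = """\
06-12 10:15:01.120  2314  2314 I ActivityManager: Start proc com.example.game for activity
06-12 10:15:03.482  2871  2899 D ExampleSdk: GET https://graph.example.invalid/me?access_token=CONSTRUCTED0123456789&format=json
06-12 10:15:03.911  2871  2871 W ExampleLogin: login failed {"user":"alice","password":"hunter2-constructed"}
06-12 10:15:04.002  2871  2871 I ExampleLogin: retry scheduled in 5s
""".splitlines()

if __name__ == "__main__":
    found, clean = scan(SAMPLE)
    for f in found:
        print(f"line {f['line']}: tag={f['tag']} pid={f['pid']} "
              f"logs {f['key']} ({f['length']} chars)")
    print("\n".join(clean))
```

To check a device, save the output of `adb logcat -d -v threadtime` to a file and pass its lines to `scan()`.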