Secure your Android app- fight the leaks!
-
date post
19-Oct-2014 -
Category
Technology
-
view
196 -
download
2
description
Transcript of Secure your Android app- fight the leaks!
SECURE YOUR APP
FIGHT THE LEAKS!
DROIDCON PARIS 2013
EYAL LEZMY
Slides http://bit.ly/droidcon-sec
http://eyal.fr
ANDROID PRESALES ENGINEER, SAMSUNG B2B
TREASURER AT PARIS ANDROID USER GROUP
ANDROID GOOGLE DEVELOPER EXPERT
DON'T LET HIM DOWN
THE USER TRUSTS YOUCompany
Copyright © 1995-2012 SAMSUNG All rights reserved
APPS HAVE TO RESPECT THE DATA
Different ways to unintentionally grant other apps access to the data inside your application :
Exporting an unprotected component
Storing personal data in a world readable file
Logging personal data in logcat logs
Copyright © 1995-2012 SAMSUNG All rights reserved
It declares accessible app components Activity, Service, Receive,...
Adding <intent-filter>=> your element is exported by default
CHECK YOUR ANDROIDMANIFEST.XML
ContentProvider is always exported by default, until android:targetSdkVersion="17"
Copyright © 1995-2012 SAMSUNG All rights reserved
Don't export app components unless you want to share their content with other applications
<application android:label="@string/app_name">… <service android:name=".ServiceExample“ android:exported="false"> <intent-filter>
… </intent-filter>
</service>…</application>
CHECK YOUR ANDROIDMANIFEST.XML
Copyright © 1995-2012 SAMSUNG All rights reserved
Don't export app components unless you want to share their content with other applications
<application android:label="@string/app_name">… <service android:name=".ServiceExample“ android:exported="false"> <intent-filter>
… </intent-filter>
</service>…</application>
What is your legitimity to
expose data?
CHECK YOUR ANDROIDMANIFEST.XML
Copyright © 1995-2012 SAMSUNG All rights reserved
There are different permission protection levels:
normal Lower risk permission
dangerous Higher risk, access to user private data, potential negative impact
signature Needs the same certificate signature
PERMISIONS
Copyright © 1995-2012 SAMSUNG All rights reserved
Lets look at the code:
<permission android:name="com.example.EXAMPLE_PERM“ android:label="@string/example_perm_l“ android:description="@string/example_perm_d“ android:icon="@drawable/example_perm_i“ android:protectionLevel="signature" />...<service android:name=".ServiceExample“ android:permission="com.example.EXAMPLE_PERM">
<intent-filter>...</intent-filter>
</service>
PERMISIONS
Copyright © 1995-2012 SAMSUNG All rights reserved
Don't be the weakest link
private boolean checkPermission(Context context){ String permission = "com.example.EXAMPLE_PERM"; int res = context.checkCallingPermission(permission); return (res == PackageManager.PERMISSION_GRANTED);}
PERMISIONS
Always check the permission of a caller if you use your permission
Copyright © 1995-2012 SAMSUNG All rights reserved
DISABLE USELESS ACTIVITIES
Fit your components lifecycle to your application's lifecycle
If before configuration (login, account creation, ...) a service or activity is not useful, disable it
If your application handles common implicit Intent's actions like ACTION_VIEW or ACTION_SEND consider disabling it by default
Copyright © 1995-2012 SAMSUNG All rights reserved
PackageManager.setComponentEnabledSetting(componentName, newState, flags);
DISABLE USELESS ACTIVITIES
<activity android:name="com.example.Activity" android:label="@string/app_name" android:enabled="false"></activity>
Disabled:
Enabled:
Copyright © 1995-2012 SAMSUNG All rights reserved
STORING DATA WISELY
Protect personal data using MODE_PRIVATE for data files, shared preferences, and databases:
openFileOutput()openSharedPreferences() openOrCreateDatabase()
External storage (sdcard) is shared storage
Copyright © 1995-2012 SAMSUNG All rights reserved
PLEASE... SHUT THE FUCK UP!
public static final boolean SHOW_LOG = BuildConfig.DEBUG;
public static void d(final String tag, final String msg) { if (SHOW_LOG) Log.d(tag, msg);}
Don't expose data through logcat on productionDetect the build mode with BuildConfig.DEBUG
Be careful about this subject and test it during QA
Copyright © 1995-2012 SAMSUNG All rights reserved
PROTECTING APP FROM USERS
No more android:debuggable on the manifest
Don't leave this enabled in release code!
ADT 8.0+ do it for you automatically
Copyright © 1995-2012 SAMSUNG All rights reserved
$ adb shellshell@android:/ $ run-as com.android.example sh
shell@android:/data/data/com.android.example $ iduid=10060(app_60) gid=10060(app_60)
shell@android:/data/data/com.android.example $ ls files/secret_data.txt
shell@android:/data/data/com.android.example $ cat files/secret_data.txt
PROTECTING APP FROM USERS
IT'S NOT JUST ABOUT YOUR APP
INSECURE NETWORK
LOST OR STOLEN DEVICES
Copyright © 1995-2012 SAMSUNG All rights reserved
Free certified SSL: https://www.startssl.com/
USE SAFE NETWORKING
HTTPS and SSL can protect against Man in the Middle attacks and prevent casual snooping
Server certificate validity must be correctly checked"15% of apps have weak or bad SSL implementation on the Play Store"
Copyright © 1995-2012 SAMSUNG All rights reserved
...but it may help discouraging curious.
Use a peer-reviewed library like KeyCzar
Take care of the key :Create it at first start, with true randomOr grab a user key from your serverOr ask the user for a passphrase you won't store
DATA ENCRYPTION DOESN'T SOLVE ALL PROBLEMS
Copyright © 1995-2012 SAMSUNG All rights reserved
On a corporate environment, device administration can be considered
Password managementDevice encryptionDisable cameraLock the deviceRemote wipe
DEVICE ADMINISTRATION
Copyright © 1995-2012 SAMSUNG All rights reserved
BEHIND THE STAGE
The APK's content is always world readable, take care about what you put inside
Sensitive files should be kept out of the APK
Java is open source, your code tooUsing Proguard takes a single line of codeOr...Dex encryptionAAPT modified Logic on server
IT'S NOT JUST ABOUT SECURITY
THINK ABOUT POLITICS...
Copyright © 1995-2012 SAMSUNG All rights reserved
THE SECURITY PARADOX
Copyright © 1995-2012 SAMSUNG All rights reserved
"The more secure you make something, the less secure it becomes"
Level the security following the user acceptance or...Users will find workaroundsUsers won't use your service
NEVER FORGET THE USER, NEVAAAAA!
Copyright © 1995-2012 SAMSUNG All rights reserved
REFERENCES
Google I/O 2012 Sessions
Android Developpers Live Youtube channel
Android DevelopementAndroid Developement: Using Cryptography
The Commons Blog
InformationWeek: Security Paradox
ThreatPost: SLL implementation on Android apps
StartSSL Free certificates
SAMSUNG SMART APP CHALLENGE 2013
SAMSUNG SMART APP CHALLENGE 2013
A Global app challenge Apps for the Galaxy S4 Use of Samsung Chord SDK Apply June 20 - August 31
www.smartappchallenge.com
$800,000 for 10 winners
SAMSUNG DEVELOPERS
SDKs and Documentation
http://developer.samsung.com
Samsung Chord SDKBluetooth Low Energy SDK
Remote Test LabTest your applications on real devices through the internet
Free24H 365 Days
S Pen & Multi Window SDK AllShare Framework
Real Device,NOT emulator
Multiple Devices