SECURE YOUR APP FIGHT THE LEAKS! DROIDCON PARIS 2013

Upload: ottot

Post on 12-May-2015


Page 1: Droidcon secureyourapp fighttheleaks-samsung

SECURE YOUR APP, FIGHT THE LEAKS!

DROIDCON PARIS 2013

Page 2

EYAL LEZMY
ANDROID PRESALES ENGINEER, SAMSUNG B2B
TREASURER AT PARIS ANDROID USER GROUP
ANDROID GOOGLE DEVELOPER EXPERT

Slides: http://bit.ly/droidcon-sec
http://eyal.fr

Page 3

DON'T LET HIM DOWN

THE USER TRUSTS YOU

Page 4

Copyright © 1995-2012 SAMSUNG All rights reserved

APPS HAVE TO RESPECT THE DATA

Different ways to unintentionally grant other apps access to the data inside your application:

- Exporting an unprotected component
- Storing personal data in a world readable file
- Logging personal data in logcat logs

Page 5

CHECK YOUR ANDROIDMANIFEST.XML

It declares which app components (Activity, Service, Receiver, ...) are accessible

Adding an <intent-filter> means your element is exported by default

A ContentProvider is always exported by default, until android:targetSdkVersion="17" (apps targeting API 17 or higher get android:exported="false" by default)

Page 6

CHECK YOUR ANDROIDMANIFEST.XML

Don't export app components unless you want to share their content with other applications

    <application android:label="@string/app_name">
        …
        <service android:name=".ServiceExample"
                 android:exported="false">
            <intent-filter>
                …
            </intent-filter>
        </service>
        …
    </application>

What legitimate reason do you have to expose data?

Page 7

PERMISSIONS

There are different permission protection levels:

- normal: lower risk permission
- dangerous: higher risk, access to user private data, potential negative impact
- signature: needs the same certificate signature

Page 8

PERMISSIONS

Let's look at the code:

    <permission android:name="com.example.EXAMPLE_PERM"
                android:label="@string/example_perm_l"
                android:description="@string/example_perm_d"
                android:icon="@drawable/example_perm_i"
                android:protectionLevel="signature" />
    ...
    <service android:name=".ServiceExample"
             android:permission="com.example.EXAMPLE_PERM">
        <intent-filter>...</intent-filter>
    </service>

Page 9

PERMISSIONS

Don't be the weakest link

    // Returns true only if the process calling into this component
    // (the Binder caller) holds our signature-level permission.
    private boolean checkPermission(Context context) {
        String permission = "com.example.EXAMPLE_PERM";
        int res = context.checkCallingPermission(permission);
        return (res == PackageManager.PERMISSION_GRANTED);
    }

Always check that the caller holds your permission when you rely on it

Page 10

DISABLE USELESS ACTIVITIES

Fit your components' lifecycle to your application's lifecycle

- If a service or activity is not useful before configuration (login, account creation, ...), disable it
- If your application handles common implicit Intent actions like ACTION_VIEW or ACTION_SEND, consider disabling that component by default

Page 11

DISABLE USELESS ACTIVITIES

Disabled (in the manifest):

    <activity android:name="com.example.Activity"
              android:label="@string/app_name"
              android:enabled="false"></activity>

Enabled (at runtime, through the PackageManager instance):

    context.getPackageManager().setComponentEnabledSetting(componentName, newState, flags);
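As an added example, not code from the slides: a helper that keeps a hypothetical ACTION_SEND handler (com.example.ShareReceiverActivity, declared with android:enabled="false" in the manifest) switched off until the user has logged in, using the PackageManager call above.

```java
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.PackageManager;

/**
 * Gate for a hypothetical ACTION_SEND handler (com.example.ShareReceiverActivity),
 * declared with android:enabled="false" in the manifest so it is off until login.
 */
public final class ComponentGate {
    private static final String SHARE_ACTIVITY = "com.example.ShareReceiverActivity";

    private ComponentGate() {}

    /** Call with true after a successful login and with false on logout. */
    public static void setShareHandlerEnabled(Context context, boolean enabled) {
        ComponentName name = new ComponentName(context, SHARE_ACTIVITY);
        int newState = enabled
                ? PackageManager.COMPONENT_ENABLED_STATE_ENABLED
                : PackageManager.COMPONENT_ENABLED_STATE_DISABLED;
        // DONT_KILL_APP: apply the change without restarting our own process.
        context.getPackageManager()
               .setComponentEnabledSetting(name, newState, PackageManager.DONT_KILL_APP);
    }

    /**
     * True only when the component was explicitly enabled at runtime.
     * COMPONENT_ENABLED_STATE_DEFAULT means "as in the manifest", i.e. disabled here.
     */
    public static boolean isShareHandlerEnabled(Context context) {
        ComponentName name = new ComponentName(context, SHARE_ACTIVITY);
        int state = context.getPackageManager().getComponentEnabledSetting(name);
        return state == PackageManager.COMPONENT_ENABLED_STATE_ENABLED;
    }
}
```

While the component is disabled, implicit Intents from other apps simply do not resolve to it, so no data can be pushed into an activity the user has not configured yet.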

Page 12

STORING DATA WISELY

Protect personal data using MODE_PRIVATE for data files, shared preferences, and databases:

    openFileOutput()
    getSharedPreferences()
    openOrCreateDatabase()

External storage (sdcard) is shared storage

Page 13

PLEASE... SHUT THE FUCK UP!

    // Logging is compiled in, but only active in debug builds.
    public static final boolean SHOW_LOG = BuildConfig.DEBUG;

    public static void d(final String tag, final String msg) {
        if (SHOW_LOG) Log.d(tag, msg);
    }

Don't expose data through logcat in production

Detect the build mode with BuildConfig.DEBUG

Be careful about this subject and test it during QA

Page 14

PROTECTING APP FROM USERS

No more android:debuggable in the manifest

Don't leave this enabled in release code!

ADT 8.0+ does it for you automatically

Page 15

PROTECTING APP FROM USERS

    $ adb shell
    shell@android:/ $ run-as com.android.example sh
    shell@android:/data/data/com.android.example $ id
    uid=10060(app_60) gid=10060(app_60)
    shell@android:/data/data/com.android.example $ ls files/secret_data.txt
    shell@android:/data/data/com.android.example $ cat files/secret_data.txt

What the session shows: on an app left debuggable, run-as gives anyone with adb access a shell under the app's own uid, so even files written with MODE_PRIVATE are readable.

Page 16

IT'S NOT JUST ABOUT YOUR APP

INSECURE NETWORK

LOST OR STOLEN DEVICES

Page 17

USE SAFE NETWORKING

HTTPS and SSL can protect against man-in-the-middle attacks and prevent casual snooping

Server certificate validity must be correctly checked

"15% of apps have weak or bad SSL implementation on the Play Store"

Free certified SSL: https://www.startssl.com/
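An added example (not from the slides) of what "correctly checked" means in practice with HttpsURLConnection: production code keeps the platform's default certificate and hostname checks, and a test server with its own CA gets that one CA trusted instead of validation being switched off. The URL and the PEM resource are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class SafeHttps {
    private SafeHttps() {}

    // The "weak SSL" pattern: a custom X509TrustManager whose checkServerTrusted() is empty,
    // or a HostnameVerifier that returns true for every host. Both silently accept the
    // certificate of anyone sitting between the phone and the server. Not used here.

    /** Production: keep the platform defaults; they validate the chain and the hostname. */
    public static HttpsURLConnection open(String url) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setConnectTimeout(10000);
        conn.setReadTimeout(10000);
        conn.connect(); // throws SSLHandshakeException / SSLPeerUnverifiedException on a bad cert
        return conn;
    }

    /**
     * Test server signed by your own CA: trust exactly that CA rather than disabling checks.
     * caPem is the CA certificate in PEM form (assumed to ship in res/raw).
     */
    public static HttpsURLConnection openWithPrivateCa(String url, InputStream caPem)
            throws IOException, GeneralSecurityException {
        Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(caPem);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("private-ca", ca);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // hostname verification stays on
        conn.connect();
        return conn;
    }
}
```

A QA check for the "15%" problem is to point the app at a server with an expired or mismatched certificate: open() must fail, and any build where it succeeds has a disabled check somewhere.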

Page 18

DATA ENCRYPTION DOESN'T SOLVE ALL PROBLEMS

...but it may help discourage the curious.

Use a peer-reviewed library like KeyCzar

Take care of the key:
- Create it at first start, with true random
- Or grab a user key from your server
- Or ask the user for a passphrase you won't store
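An added example, not the slides' code and not KeyCzar: the "passphrase you won't store" option written with plain JCE, deriving an AES key with PBKDF2 from the passphrase and a SecureRandom salt so that only the salt and IV are ever written to disk. The iteration count and key size are assumed values.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/** Passphrase-derived AES-CBC; the passphrase is never stored, only salt and IV are. */
public final class PassphraseCrypto {
    private static final int ITERATIONS = 10000; // assumed value; raise it as device speed allows
    private static final int KEY_BITS = 128;     // assumed value

    private PassphraseCrypto() {}

    /** Salt from SecureRandom ("true random"): generated at first start, stored beside the data. */
    public static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    static SecretKey deriveKey(char[] passphrase, byte[] salt) throws GeneralSecurityException {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] raw = f.generateSecret(new PBEKeySpec(passphrase, salt, ITERATIONS, KEY_BITS)).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    /** Returns the 16-byte IV followed by the ciphertext. */
    public static byte[] encrypt(char[] passphrase, byte[] salt, byte[] plaintext)
            throws GeneralSecurityException {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv); // fresh IV per message, never reused with the same key
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(passphrase, salt), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[16 + ct.length];
        System.arraycopy(iv, 0, out, 0, 16);
        System.arraycopy(ct, 0, out, 16, ct.length);
        return out;
    }

    public static byte[] decrypt(char[] passphrase, byte[] salt, byte[] blob)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(passphrase, salt), new IvParameterSpec(blob, 0, 16));
        return c.doFinal(blob, 16, blob.length - 16);
    }
}
```

CBC alone gives confidentiality, not integrity: add an HMAC over salt, IV and ciphertext (or use AES/GCM where the platform provides it) before acting on decrypted data, and clear the passphrase char[] after use.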

Page 19

DEVICE ADMINISTRATION

In a corporate environment, device administration can be considered:

- Password management
- Device encryption
- Disable camera
- Lock the device
- Remote wipe

Page 20

BEHIND THE STAGE

The APK's content is always world readable; take care about what you put inside

Sensitive files should be kept out of the APK

Java is open source, and effectively so is your code

Using Proguard takes a single line of code

Or...
- Dex encryption
- Modified AAPT
- Logic on the server

Page 21

IT'S NOT JUST ABOUT SECURITY

THINK ABOUT POLITICS...

Page 22

THE SECURITY PARADOX

Page 23

"The more secure you make something, the less secure it becomes"

Set the level of security to what users will accept, or...
- Users will find workarounds
- Users won't use your service

NEVER FORGET THE USER, NEVAAAAA!

Page 25

SAMSUNG SMART APP CHALLENGE 2013

- A global app challenge
- Apps for the Galaxy S4
- Use of Samsung Chord SDK
- Apply June 20 - August 31

www.smartappchallenge.com

$800,000 for 10 winners

Page 26

SAMSUNG DEVELOPERS

SDKs and Documentation: http://developer.samsung.com

- Samsung Chord SDK
- Bluetooth Low Energy SDK
- S Pen & Multi Window SDK
- AllShare Framework

Remote Test Lab: test your applications on real devices through the internet

- Free, 24H 365 days
- Real devices, NOT emulators
- Multiple devices

Page 27

THANK YOU!

Slides http://bit.ly/droidcon-sec

http://eyal.fr