Zarafa SummerCamp 2012 - Android Workshop
Build an app that reveals security holes on Android
Workshop
Freek Kauffmann Paul Lammertsma
Before we start
1. Connect to the open wireless network
2. Android setting: allow non-market applications
3. Download AIDE from Google Play
APPS!
Android
• What are the security principles of Android?
  – POSIX based (Linux)
  – User IDs and File Access
  – Permissions
  – Application signing (identifies developer)
  – Sandboxing (application isolation)
Android
• Implications of rooting your device?
  – You can modify the Operating System
  – You can replace all applications
  – Access all application data
  – Grant/revoke permissions
  – Send data to and from the phone
• Others (malicious software?) can do the same!*
Android
• Facebook SDK exploit (April, David Poll)
  – Logcat
  – Let’s hack this!
We’ll make an app that…
• Steals Facebook login from bona fide apps
  – Draw Something Free
  – Hootsuite
  – Facebook Marketplace (Oodle)
  – Soundhound
  – LauncherPro
  – Sleepy Jack
  – Airport City, Diamonds Blaze and others by Game Insight
https://github.com/pflammertsma/FacebookThief.git
github
continues on next slide…
Facebook Thief
Tap to enable the background service