Android Application Security, The Fun Details presented at hashdays 2010

by Jesse Burns (iSEC Partners ),

Tags: Mobile Security Android

Summary : Jesse Burns, an Android security expert who has been working with the Android platform since before it was released, explains some of the most interesting parts of Android Security. Discussing how Android's powerful security model offers to protect users, and the new types of vulnerabilities that can cause. How Android mechanisms like Binder can act like capabilities or be used to enforce permissions. Jesse will describe android's security enforcement points, discuss experiments in making the platform more flexible, and how several of the key security mechanisms in the platform tend to fail, especially when developers don't properly understand them. Jesse will also discuss some common Android security misconceptions, and make some suggestions about how Android could be further improved, hopefully without adding gross over-complexity. This will include a discussion of a tool that attempts to repackage Android applications with user, rather than developer specified permissions.