Securing The Android Apps On Your Wrist and Face presented at OWASPbasc 2014

by Jack Mannino, Geller Bedoya,

Summary : Android Wear and Google Glass introduce new ways of interacting with our apps and receiving timely, contextual information from the world around us. Smartphones and tablets are becoming the central point for sending and receiving data from wearables and sensors. Building apps for a wearable world introduces new risks as well as shifts the responsibilities for implementing security controls to other layers.
Many of the same issues we’re familiar with from past Android experiences are still relevant, while some issues are less impactful or not (currently) possible within existing wearables. At the same time, extending the app’s trust boundaries introduces new points of exposure for developers to be aware of in order to proactively defend against attacks. We want to highlight these areas, which developers may not be aware of when adding a wearable component to an existing app.
In this presentation, we will explore how Android Wear and Glass work underneath the hood. We will examine their methods of communication, data replication, and persistence options. We will examine how they fit into the Android development ecosystem and the new risks to privacy and security that need to be considered. Our goal isn’t to deter developers from building wearable apps, but to enable them to make strong security decisions throughout development.