Android Security Overview and Safe Practices for Web-Based Android Applications w/ Dario Incalza – XDA:DevCon 2014
So far, we’ve talked about many things while presenting the videos from XDA:DevCon 2014. We’ve talked about robotics with Android, Robotics and Vision Oh My! w/ Shane Francis, open source with AOSP for Sony Devices: Past, Present and Future w/ Alin Jerpelea and supporting users with Shoot Troubles, Not Users w/ Alex Boag-Munroe. However, all of this knowledge needs another piece to make a successful developers, and that is security.
As a full-time Master student of engineering at the department of Computer Science at the KU Leuven University, Dario Incalza is majoring in development of secure software. He is working on a Master thesis focusing on the security of web-based Android applications. Incalza is an active member of xda-developers, and has been involved since October 2010. He has been combining Android development and security since the age of thirteen. His presentation is entitled, Android Security Overview and Safe Practices for Web-Based Android Applications.
Incalza starts with a brief overview of the different layers of the Android platform, highlighting interesting parts for attackers. The layers covered are: Android apps, Android Framework, Dalvik Virtual Machine, User-space native code, and the kernel. Next the talk covers the attack surface for Android. For example: remote attacks, physical, and local. Last, the bigger part of the presentation covers web-based apps. Incalza tries to inspire developers to take better care of security when using and developing their own web-based apps using the WebView component.
Be sure to all of our exciting xda:devcon 2014 coverage.