Explore the security implications of deep links in Android applications through this insightful conference talk from Nullcon Berlin 2022. Delve into how app developers use deep links to enhance user experience and create sophisticated campaigns, while inadvertently increasing the app's attack surface. Learn about a critical vulnerability discovered in Samsung's pre-installed Camera app that allowed unauthorized access to sensitive functions without permissions or user interaction. Understand the two main attack scenarios: exploitation by arbitrary Android apps and websites. Gain valuable insights into how such vulnerabilities can be exploited by spyware creators to develop seemingly trustworthy apps. Discover the importance of implementing proper security measures, such as custom permissions with signature protectionLevel, to safeguard sensitive deep link handlers and protect billions of users from potential privacy breaches.
Overview
Syllabus
Analysis The Dangerous Role Of Deep Links by Rahul Kankrale & Yogesh Tantak | Nullcon Berlin 2022
Taught by
nullcon
Related Courses
-
Hacking Android & iOS Apps with Deep Links & XSS - Mobile Hacking
-
Common Android Deep Links and WebViews Exploitations - Mobile Hacking
-
Mobile Hacking - Exploiting Android Deep Links and Exported Components
-
An Analysis of Pre-installed Android Software
-
Start Arbitrary Activity App Components as the System User Vulnerability Affecting Samsung Android
-
Following Devil's Footprints - Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS
