Overview
Explore the security implications of deep links in Android applications through this insightful conference talk from Nullcon Berlin 2022. Delve into how app developers use deep links to enhance user experience and create sophisticated campaigns, while inadvertently increasing the app's attack surface. Learn about a critical vulnerability discovered in Samsung's pre-installed Camera app that allowed unauthorized access to sensitive functions without permissions or user interaction. Understand the two main attack scenarios: exploitation by arbitrary Android apps and websites. Gain valuable insights into how such vulnerabilities can be exploited by spyware creators to develop seemingly trustworthy apps. Discover the importance of implementing proper security measures, such as custom permissions with signature protectionLevel, to safeguard sensitive deep link handlers and protect billions of users from potential privacy breaches.
Syllabus
Analysis The Dangerous Role Of Deep Links by Rahul Kankrale & Yogesh Tantak | Nullcon Berlin 2022
Taught by
nullcon