Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Intent Security in Android: Best Practices for Developers

OWASP Foundation via YouTube

Overview

Explore the intricacies of Android intents and their security implications in this 39-minute conference talk from AppSecEU 2014. Delve into how intents enable interprocess communications and collaboration, while also introducing potential vulnerabilities such as spoofing, hijacking, and data theft. Learn about the defensive approaches needed to secure intents properly, including validating assumptions and implementing old techniques in new ways. Gain insights into intent functionality under the hood, best practices for securing your intents, and strategies for developing more secure Android applications. Aimed primarily at app developers, this talk by Andrew Lee-Thorp, a Senior Consultant at Cigital Ltd, covers topics like explicit and implicit intents, intent filters, permissions, and practical examples of both vulnerable and secure implementations.

Syllabus

Introduction
About me
About you
Quick primer
Intent
Intent Example
Explicit Intent
Implicit Intent
Intent Filters
Intense
Permissions
Rules
Export
Uncertainty
Same old same old
Empty intent
Verify origin
Use explicit intents
Local Broadcast Manager
Unauthorized Intent Recipient
Sequel Injection
Avoid Sending Sensitive Data
Example
The standard behavior
Example Bad App
Example Good App
The Fix
Summary
Custom permissions
Push notifications

Taught by

OWASP Foundation

Reviews

Start your review of Intent Security in Android: Best Practices for Developers

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.