Overview
Explore the critical issue of mobile app security in this 39-minute conference talk from Android Makers by droidcon 2023. Dive into the world of secret leaks, where API keys, security certificates, and other sensitive credentials are inadvertently exposed in source code and compiled mobile applications. Learn about real-life breaches in which hackers exploited discovered credentials to gain unauthorized access to various services. Examine the findings from GitGuardian's 2022 State of Secrets Sprawl report, which reveals millions of secrets leaked publicly through source code on GitHub.com, with a focus on Android projects. Investigate research on secret leaks in Google Play Store applications, uncovering the alarming percentage of apps containing plaintext secrets. Gain valuable insights into how attackers find and exploit these leaked secrets, and discover actionable steps developers can take to prevent secret leaks and enhance the security of their mobile applications.
Syllabus
Are your secrets secure - How mobile apps are leaking millions of credentials - Mackenzie Jackson
Taught by
Android Makers