Explore mobile app security vulnerabilities and defense strategies in this TROOPERS18 conference talk. Delve into the mobile top 10 security risks, including improper platform usage, insecure communication, and insufficient cryptography. Examine real-world cases involving Tinder, Strava, and Twilio. Learn about Android code reverse engineering techniques, sandbox bypasses, and exploiting shared preferences. Investigate pin lock vulnerabilities, photo vault weaknesses, and ADB backup risks. Discover mobile payment app security issues and understand the importance of application security verification standards. Gain insights on implementing effective control categories to enhance mobile app security.
Overview
Syllabus
Intro
Who is Gustavo
How did this talk start
The first mobile top 10
Improper platform usage
Insecure communication
Insecure identification and authorization
Insufficient cryptography
Client code quality
Binary patching
Reverse engineering
Extravagant functionality
Cases in the news
Tinder
Strava
Twilio
Mobile Banking App
Android Code Reverse
Verify Resource
Give Me The Pin
Sandbox
Shared Preferences
Pin Lock
Local Pins
Backups
ADB
Pinlock
Photo Vault
Android Photo Vault
Adb Backup
Backup Findings
Another Pin Bypass
Class Dumping
Boid Methods
Code Injection
Mobile Payment App
Mobile Application Security
ASBS
Control Categories
Conclusion
Is Android better than iOS
Taught by
WEareTROOPERS
