OWASP AppSec DC 2012/An InDepth Introduction to the Android Permissions Modeland How to Secure MultiComponent Applications

Revision as of 15:57, 2 March 2012 by Mark.bristow (talk | contribs) (Created page with "<noinclude>{{:OWASP AppSec DC 2012 Header}}</noinclude> __NOTOC__ == The Presentation == rightThis presentation is an in-depth exploration and...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Registration Now OPEN! | Hotel | Schedule | Convention Center | AppSecDC.org

The Presentation

Owasp logo normal.jpg
This presentation is an in-depth exploration and discussion of the Android permissions model. First, the overall design of the permissions model will be discussed, including how/why system permissions must be declared by an application, and then we move to creating custom permissions for developers to use in their own multi-component applications. The use of custom permissions to secure the various components that are available to Android developers is the primary topic of discussion, including the difference between public and private component, and how to lock down Activities, Services, Broadcasts and Broadcast Receivers, and then Content Providers, the most complex of the components to secure.
This presentation is an adaptation of chapters three and four from Application Security for the Android Platform (ISBN 978-1449315078), published by O'Reilly in December 2011, of which the presenter is the author.

The Speakers

Jeff Six

Gold Sponsors

Aspect logo owasp.jpg AppSecDC2009-Sponsor-securicon.gif AppSecDC2009-Sponsor-mandiant.gif AppSecDC2012-ISC2.gif

Silver Sponsors


Small Business

AppSecDC2012-Sponsor-sideas.gif BayShoreNetworks.png


link=http://www.codenomicon.com/ Codenomicon WhiteHat Logo.png AppSecDC2012-HP.jpg WSI - Logo.jpg