Please log in to watch this conference skillscast.
Although hard to see at a first sight, Android applications are not completely safe – with appropriate techniques they can be reverse engineered, and the insights can be accessible by any person with the right knowledge.
Through those techniques all the valuable data from the application can be accessed – not only graphical resources, but also secret tokens, HTTP address used for connecting our own web services, passwords, algorithms, etc. Creating safe applications and knowing which techniques will prevent unauthorized access to the source code and our resources is a must nowadays.
This workshop will present three use cases on how applications can be reverse engineered. First, a single application will be decompiled, modifications will be applied on its source code, and we will see how this application can be compiled again. Secondly, we will show how we can extract from a crackme key information, such as the algorithm used to validate a key. Last, we will see a real case of reverse engineering of an application: how can we make a real code injection within an existing application.
The second part will show which tools and techniques can be used to prevent attacks. ProGuard will be introduced as the main tool to obfuscate our code, but also some general good programming and developing practices will be introduced.
The attendee will be familiar after this class also with techniques to protect stored data and to secure server interactions.
Reversing Engineering Android applications (and protecting them)
Enrique is a Google Developer Expert, and Mobile Engineer at Sixt in Munich. Among other projects he has been involved with DriveNow, Sixt and myDriver. He spends his free time developing OpenSource code, writing articles, learning languages or taking photographies. He loves nature, beer, traveling, and talking about him in third person