Thanks so much to those that joined the #AndroidDev space today. If you missed it, the recording is available right now!
Here’s a list of tools and content I talked about that you can look into to make your apps more secure 🧵
Here’s a list of tools and content I talked about that you can look into to make your apps more secure 🧵
1. John Hammond
While not necessarily mobile security focussed, John's content on YouTube highlights security techniques and vulnerabilities in such an engaging way, that it made me want to dive into the mobile security space
youtube.com/c/JohnHammond0…
While not necessarily mobile security focussed, John's content on YouTube highlights security techniques and vulnerabilities in such an engaging way, that it made me want to dive into the mobile security space
youtube.com/c/JohnHammond0…
2. LiveOverflow
Again, despite not being mobile-focused, LiveOverflow's content makes for really compelling viewing. His recent deep dives into 'Hacking Minecraft' are particularly interesting
youtube.com/c/LiveOverflow
Again, despite not being mobile-focused, LiveOverflow's content makes for really compelling viewing. His recent deep dives into 'Hacking Minecraft' are particularly interesting
youtube.com/c/LiveOverflow
3. MobSF
(Now I will be focussing on the Mobile Security tools)
MobSF is a tool that can be run on your APK to perform static analysis and compile a comprehensive report of security vulnerabilities
mobsf.github.io/docs
(Now I will be focussing on the Mobile Security tools)
MobSF is a tool that can be run on your APK to perform static analysis and compile a comprehensive report of security vulnerabilities
mobsf.github.io/docs
4. apktool
As I mentioned, decompiling and recompiling an app is relatively trivial. This is normally achieved with apktool
As promised, here is a video of Flappy Bird that was recompiled to have my own face on it 😂
ibotpeaches.github.io/Apktool
As I mentioned, decompiling and recompiling an app is relatively trivial. This is normally achieved with apktool
As promised, here is a video of Flappy Bird that was recompiled to have my own face on it 😂
ibotpeaches.github.io/Apktool
5. jadx
So apktool decompiles the app, but how do we view the source code in a comprehensible way? jadx is a great tool for this. Convert your .dex files to .java and view the source. Let's hope you obfuscated...
Thanks to @MishaalRahman for mentioning
github.com/skylot/jadx
So apktool decompiles the app, but how do we view the source code in a comprehensible way? jadx is a great tool for this. Convert your .dex files to .java and view the source. Let's hope you obfuscated...
Thanks to @MishaalRahman for mentioning
github.com/skylot/jadx
6. R8
If you want to make life harder for anyone looking to decompile your apps, then obfuscation is a must.
Thankfully, the Android team have you covered here ✨
developer.android.com/studio/build/s…
If you want to make life harder for anyone looking to decompile your apps, then obfuscation is a must.
Thankfully, the Android team have you covered here ✨
developer.android.com/studio/build/s…
7. ProGuard & DexGuard
Of course, it wouldn't be a great list if @Guardsquare didn't feature
You may already know about ProGuard, but depending on your needs you may wish to look into the golden standard of professional mobile security tools, DexGuard
guardsquare.com/dexguard
Of course, it wouldn't be a great list if @Guardsquare didn't feature
You may already know about ProGuard, but depending on your needs you may wish to look into the golden standard of professional mobile security tools, DexGuard
guardsquare.com/dexguard
8. Snyk / Sonarcloud
If you want to integrate security solutions into your CI pipelines, I would recommend looking into Snyk or Sonarcloud
Both have integration with Gradle projects and can alert you if anything nefarious occurs!
sonarcloud.io
snyk.io
If you want to integrate security solutions into your CI pipelines, I would recommend looking into Snyk or Sonarcloud
Both have integration with Gradle projects and can alert you if anything nefarious occurs!
sonarcloud.io
snyk.io
9. OWASP Mobile Top 10
Ironically the 9th and final entry, I would highly recommend checking out the top 10 risks to mobile security as determined by OWASP
This is a great overview of some key areas to begin looking into within your app's code
owasp.org/www-project-mo…
Ironically the 9th and final entry, I would highly recommend checking out the top 10 risks to mobile security as determined by OWASP
This is a great overview of some key areas to begin looking into within your app's code
owasp.org/www-project-mo…
10.
Ok, I lied. The final entry and best place to find out more about mobile security is of course, ✨ my website✨
You can find out more about OWASP Top 10, 'hacking' your app with apktool and more on Android libraries that secure your app
spght.dev
Ok, I lied. The final entry and best place to find out more about mobile security is of course, ✨ my website✨
You can find out more about OWASP Top 10, 'hacking' your app with apktool and more on Android libraries that secure your app
spght.dev
🥰 Thank you so much to @madona_syombua and @himattm for having me on
🎙 @MishaalRahman and @AdamMc331 for the questions
❤️ And of course to you, for making it this far down the list! I am always available to chat, so please find my links on my site or drop me a message here
🎙 @MishaalRahman and @AdamMc331 for the questions
❤️ And of course to you, for making it this far down the list! I am always available to chat, so please find my links on my site or drop me a message here
Last tweet, I promise!
The recording of today's space is here ✨ Get it whilst it's fresh out the proverbial oven ☺️
twitter.com/i/spaces/1mrxm…
The recording of today's space is here ✨ Get it whilst it's fresh out the proverbial oven ☺️
twitter.com/i/spaces/1mrxm…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
