Thanks so much to those that joined the #AndroidDev space today. If you missed it, the recording is available right now!

Here’s a list of tools and content I talked about that you can look into to make your apps more secure 🧵
1. John Hammond

While not necessarily mobile security focussed, John's content on YouTube highlights security techniques and vulnerabilities in such an engaging way that it made me want to dive into the mobile security space

youtube.com/c/JohnHammond0…
2. LiveOverflow

Again, despite not being mobile-focused, LiveOverflow's content makes for really compelling viewing. His recent deep dives into 'Hacking Minecraft' are particularly interesting

youtube.com/c/LiveOverflow
3. MobSF

(Now I will be focussing on the Mobile Security tools)

MobSF is a tool that can be run on your APK to perform static analysis and compile a comprehensive report of security vulnerabilities

mobsf.github.io/docs
4. apktool

As I mentioned, decompiling and recompiling an app is relatively trivial. This is normally achieved with apktool

As promised, here is a video of Flappy Bird that was recompiled to have my own face on it 😂

ibotpeaches.github.io/Apktool
5. jadx

So apktool decompiles the app, but how do we view the source code in a comprehensible way? jadx is a great tool for this. Convert your .dex files to .java and view the source. Let's hope you obfuscated...

Thanks to @MishaalRahman for mentioning

github.com/skylot/jadx
6. R8

If you want to make life harder for anyone looking to decompile your apps, then obfuscation is a must.

Thankfully, the Android team have you covered here ✨

developer.android.com/studio/build/s…
7. ProGuard & DexGuard

Of course, it wouldn't be a great list if @Guardsquare didn't feature

You may already know about ProGuard, but depending on your needs you may wish to look into the gold standard of professional mobile security tools, DexGuard

guardsquare.com/dexguard
8. Snyk / Sonarcloud

If you want to integrate security solutions into your CI pipelines, I would recommend looking into Snyk or Sonarcloud

Both have integration with Gradle projects and can alert you if anything nefarious occurs!

sonarcloud.io
snyk.io
9. OWASP Mobile Top 10

Ironically the 9th and final entry, I would highly recommend checking out the top 10 risks to mobile security as determined by OWASP

This is a great overview of some key areas to begin looking into within your app's code

owasp.org/www-project-mo…
10.

Ok, I lied. The final entry and best place to find out more about mobile security is of course, ✨ my website✨

You can find out more about OWASP Top 10, 'hacking' your app with apktool and more on Android libraries that secure your app

spght.dev
🥰 Thank you so much to @madona_syombua and @himattm for having me on

🎙 @MishaalRahman and @AdamMc331 for the questions

❤️ And of course to you, for making it this far down the list! I am always available to chat, so please find my links on my site or drop me a message here
Last tweet, I promise!

The recording of today's space is here ✨ Get it whilst it's fresh out the proverbial oven ☺️

twitter.com/i/spaces/1mrxm…
