Android App Security in Practice: Past / Present / Future (2017/06/27) · APK layout: Native Libraries (.so: x86, armeabi-v7a, armeabi), Drawables (.png, .jpg: xxhdpi, hdpi), Other stuff (dex files, strings, assets)
Android App Security in Practice
Past / Present / Future
Ted
Outline
Past
early versions of the app without ProGuard (plaintext code)
DexGuard with class and string encryption
Now
DexGuard with class and string encryption + app vulnerability scanning
HTTPS
Future
protecting the app signing process
protecting the app publishing (store upload) process
2017 Google I/O security features
Demo: dex2jar
DexGuard
EncryptStrings
Is It Safe?
That should be enough, right?
Future
1. protecting the app signing process
2. protecting the app publishing (store upload) process
3. Network Security Config (Android N and later)
4. 2017 Google I/O security features
gradle.properties
build.gradle
Automated publishing scripts
Control of the p12 key
only specific machines should be able to obtain it
the CI/CD server
what permissions does your p12 key have?
never grant it the broadest permissions
scope it down to exactly the permissions you need
Network Security Config
Custom trust anchors: Customize which Certificate Authorities (CA) are trusted for an app's secure connections. For example, trusting particular self-signed certificates or restricting the set of public CAs that the app trusts.
Debug-only overrides: Safely debug secure connections in an app without added risk to the installed base.
Cleartext traffic opt-out: Protect apps from accidental usage of cleartext traffic.
Certificate pinning: Restrict an app's secure connection to particular certificates.
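A res/xml/network_security_config.xml that turns on all four features listed above, as an added example (not from the slides); api.example.com, the raw certificate resources and the pin digests are placeholders. It requires Android 7.0 (API 24) or later and must be referenced from the manifest.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml, wired up in AndroidManifest.xml with
     <application android:networkSecurityConfig="@xml/network_security_config" ...> -->
<network-security-config>
    <!-- Cleartext traffic opt-out: every host not matched by a domain-config below
         gets HTTPS only and trusts the system CA store alone (no user-installed CAs). -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Custom trust anchors + certificate pinning for the app's own API.
         api.example.com is a placeholder host. -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
        <trust-anchors>
            <!-- res/raw/api_ca.pem (assumed file): the private CA that issues the API
                 certificate; no public CA is trusted for this host at all -->
            <certificates src="@raw/api_ca" />
        </trust-anchors>
        <!-- Pins are SHA-256 digests of the SubjectPublicKeyInfo, base64-encoded.
             The backup pin covers a planned key rotation without locking out installed
             clients; after the expiration date pinning is no longer enforced, which
             limits the blast radius of a forgotten pin update. -->
        <pin-set expiration="2018-12-31">
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_SPKI_SHA256_BASE64=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_SHA256_BASE64=</pin>
        </pin-set>
    </domain-config>

    <!-- Debug-only overrides: honoured only while android:debuggable="true", so a
         release build never trusts the debug proxy CA in res/raw/debug_ca.pem. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_ca" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```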
Last and the most important
Summary
There is no absolutely secure approach
DexGuard and every kind of encryption algorithm only raise the cost of cracking
If possible, do not store important data locally
If possible, do not transmit important data over the network
If you want to be as secure as possible:
you can detect rooted devices
rooted devices are not allowed to use the app
SafetyNet API
apps flagged as problematic are not allowed to run
SafetyNet attestation
devices that fail CTS are not allowed to use the app
and then the PM will hunt you down?