Think Like an Attacker to Protect Your App
Presented by: PreEmptive (Sponsor)Time: Thursday, Jan. 09, 2:15 PM - 3:00 PM
(Presented by Peter Tefft)
Applications running in untrusted environments are especially susceptible to attack. Threats include reverse engineering, probing, and tampering. These attacks can result in your intellectual property being stolen, or in compromised versions of your app being distributed, exposing user data and causing reputational damage. In this talk, I’ll discuss and, using an Android application, demonstrate some simple ways in which an attacker might approach your application as well as countermeasures that you can take to make their job much more difficult. I’ll cover renaming elements of your code, employing control flow obfuscation, and using string encryption in order to make your code much more difficult for an attacker to navigate. Additionally, I'll discuss using checks to verify the safety of the environment in which your app is running and react accordingly if it is running in an unsafe environment.