WEBVTT 1 00:00:00.040 --> 00:00:02.640 Hey everyone, and welcome back to the Deep Dive. Today, 2 00:00:02.640 --> 00:00:06.200 we're diving headfirst into the world of Android app security. 3 00:00:06.559 --> 00:00:10.080 Oo exciting it is, right, We've got these excerpts from 4 00:00:10.359 --> 00:00:13.919 Testing and Securing Androids Studio Applications, so nice, and we're 5 00:00:13.960 --> 00:00:16.199 going to break it down figure out how to make 6 00:00:16.239 --> 00:00:19.320 sure that your Android apps are as secure as fort Knox. 7 00:00:19.879 --> 00:00:22.280 A mighty task, it is, but I think we can 8 00:00:22.320 --> 00:00:23.800 do it. You ready to get into it? 9 00:00:23.920 --> 00:00:25.120 Yeah, let's do it all right. 10 00:00:25.160 --> 00:00:27.559 So the book actually kicks off by talking about some 11 00:00:27.640 --> 00:00:31.600 core security concepts kind of like security one oh one. Yeah, 12 00:00:31.679 --> 00:00:34.320 that apply to all software, not just Android. Yeah, so 13 00:00:34.399 --> 00:00:37.640 things like access control, encryption, authentication. 14 00:00:37.439 --> 00:00:39.079 Yeah, the basics, the basics. 15 00:00:39.119 --> 00:00:42.240 It's interesting they emphasize this before even getting into like 16 00:00:42.439 --> 00:00:43.719 Android specifics. 17 00:00:44.000 --> 00:00:46.799 Yeah, it's really important to understand these kind of foundational 18 00:00:46.840 --> 00:00:49.759 pieces of security before you can even start to think 19 00:00:49.759 --> 00:00:52.719 about building a secure app. Yeah, because you know, we 20 00:00:52.799 --> 00:00:55.840 all have passwords, but what does it really mean for 21 00:00:55.880 --> 00:00:58.520 a password to be secure? What does it actually mean 22 00:00:58.560 --> 00:01:01.960 to authenticate yourself? How can you prove that you are 23 00:01:02.039 --> 00:01:03.000 who you say you are? 24 00:01:03.200 --> 00:01:03.479 Right? 25 00:01:03.759 --> 00:01:05.959 So those are the building blocks totally, and. 26 00:01:06.000 --> 00:01:09.680 The book actually quotes this guy, Boris Buyser, who's a 27 00:01:09.680 --> 00:01:13.480 software testing expert, and he says bugs lurk in corners 28 00:01:13.519 --> 00:01:15.040 and congregate at boundaries. 29 00:01:15.560 --> 00:01:16.959 Ooh, that's good. 30 00:01:17.239 --> 00:01:19.239 I feel like that's setting the stage for a whole 31 00:01:19.239 --> 00:01:20.599 lot of testing. It is. 32 00:01:20.760 --> 00:01:23.760 It means we to test everything, yeah, because those bugs 33 00:01:23.799 --> 00:01:24.519 are going to be hiden. 34 00:01:24.760 --> 00:01:26.359 Yeah. All right, so we've talked about some of the 35 00:01:26.400 --> 00:01:30.400 foundational concepts. Now let's actually talk about androids specifically. 36 00:01:30.640 --> 00:01:31.000 Okay. 37 00:01:31.079 --> 00:01:33.680 So Android seems to have like a multi layered approach 38 00:01:33.760 --> 00:01:34.519 to security. 39 00:01:34.760 --> 00:01:35.560 Yeah, it does. 40 00:01:35.719 --> 00:01:38.879 The book describes it as like an Onion architecture, oh, 41 00:01:39.560 --> 00:01:41.560 the Onion, yeah, which I thought was interesting. 42 00:01:41.680 --> 00:01:43.560 Yeah. It's a good way to think about it, because 43 00:01:43.959 --> 00:01:46.439 each layer adds an extra level of protection. 44 00:01:46.879 --> 00:01:47.200 Okay. 45 00:01:47.280 --> 00:01:50.120 So at the very core, you have the Linux kernel, 46 00:01:50.680 --> 00:01:54.000 which provides some of the most fundamental security features. Okay, 47 00:01:54.319 --> 00:01:55.879 and then on top of that you have things like 48 00:01:56.040 --> 00:01:58.920 app sandboxing, permissions, application signing. 49 00:01:59.000 --> 00:02:01.200 Okay, So let's break those down a little bit. What 50 00:02:01.400 --> 00:02:02.400 is sandboxing? 51 00:02:02.719 --> 00:02:06.239 Okay? So sandboxing basically means that each app lives in 52 00:02:06.280 --> 00:02:11.080 its own little isolated environment okay, and this prevents apps 53 00:02:11.120 --> 00:02:14.319 from interfering with each other or accessing data that they 54 00:02:14.360 --> 00:02:15.280 shouldn't have access to. 55 00:02:15.439 --> 00:02:17.080 Oh, so it's all about isolation. 56 00:02:16.879 --> 00:02:18.960 Exactly, It's all about isolation. 57 00:02:18.680 --> 00:02:21.840 Got it? Okay? What about permissions? Permissions those pop up 58 00:02:21.919 --> 00:02:23.719 every time I install an app, Yes. 59 00:02:23.560 --> 00:02:26.879 Every time on my phone. So permissions are how Android 60 00:02:26.919 --> 00:02:29.479 controls what an app can and can't do. 61 00:02:30.120 --> 00:02:30.599 Okay. 62 00:02:30.680 --> 00:02:33.479 So if an app wants to access your camera, it 63 00:02:33.520 --> 00:02:35.280 has to ask you for permission. 64 00:02:34.879 --> 00:02:37.319 First, okay. So it's like a check and balance. 65 00:02:37.039 --> 00:02:39.039 Exactly, It's a checks and balance the system. 66 00:02:38.800 --> 00:02:41.840 Gotcha, okay? And then what about application signing? 67 00:02:42.319 --> 00:02:46.439 Oh, application signing is how Android knows that an app 68 00:02:46.479 --> 00:02:50.840 is legitimate and that it hasn't been campered with. So 69 00:02:50.919 --> 00:02:53.199 every app that's published to the play Store has to 70 00:02:53.199 --> 00:02:57.039 be digitally signed, okay. And that's how your phone knows okay, 71 00:02:57.080 --> 00:02:57.960 I can trust this app. 72 00:02:58.000 --> 00:03:00.400 So it's basically like a guarantee that it can from, 73 00:03:00.439 --> 00:03:02.639 like a trusted source, a trust. 74 00:03:02.360 --> 00:03:03.919 It source, no one's messed with it. 75 00:03:03.919 --> 00:03:06.080 Right, Okay? Cool. So it seems like Android has a 76 00:03:06.080 --> 00:03:08.439 lot of built in security features. It does, but the 77 00:03:08.439 --> 00:03:12.800 book also talks about how smartphones are constantly connected and 78 00:03:12.840 --> 00:03:15.560 that kind of creates more opportunities for attacks. 79 00:03:15.639 --> 00:03:18.800 Right. Our phones are basically mini computers in our pockets. 80 00:03:19.520 --> 00:03:21.879 They're connected to the internet almost all the time. Yeah, 81 00:03:22.159 --> 00:03:24.319 so that just gives attackers more ways to try to 82 00:03:24.319 --> 00:03:24.560 get in. 83 00:03:24.599 --> 00:03:27.879 Okay. So let's say you are a developer, Okay, you're 84 00:03:27.919 --> 00:03:31.360 building an Android app. What are some of the common 85 00:03:31.639 --> 00:03:34.120 vulnerabilities that you need to watch out for. 86 00:03:34.280 --> 00:03:37.159 Well, the book talks about three really big ones. Okay, 87 00:03:37.400 --> 00:03:42.280 input validation, sequel injection, and intense spoofing. Okay, let's start 88 00:03:42.319 --> 00:03:45.759 with input validation. So imagine you have an app that 89 00:03:45.919 --> 00:03:49.280 has a form okay, and it's asking the user for 90 00:03:49.360 --> 00:03:52.039 their email address. Yeah, you need to make sure that 91 00:03:52.080 --> 00:03:55.319 the user is actually entering a valid email address. Oh okay, 92 00:03:55.400 --> 00:03:58.039 and not like trying to sneak in some malicious code 93 00:03:58.159 --> 00:03:58.560 or something. 94 00:03:58.759 --> 00:04:01.639 Is it like a pain to actually validate every single 95 00:04:01.680 --> 00:04:04.080 input it can be that a user could provide. 96 00:04:04.120 --> 00:04:07.879 But it's really important, okay, because without proper input validation, 97 00:04:08.000 --> 00:04:10.599 you're essentially leaving the front door to your app wide open. 98 00:04:11.159 --> 00:04:14.680 An attacker could exploit that to inject some harmful code 99 00:04:14.759 --> 00:04:17.439 or manipulate data to cast all sorts of problems. 100 00:04:17.480 --> 00:04:20.160 Okay, So input validation, that's something that developers really need 101 00:04:20.199 --> 00:04:23.079 to pay attention to absolutely. Okay. What about SQL injection? 102 00:04:23.600 --> 00:04:29.560 So? SQL injection is a classic attack that exploits vulnerabilities 103 00:04:29.759 --> 00:04:33.199 in how an app interacts with a database. So let's 104 00:04:33.199 --> 00:04:35.399 say you have an app that allows users to search 105 00:04:35.439 --> 00:04:38.680 for products in a database. An attacker could craft a 106 00:04:38.720 --> 00:04:43.279 malicious search query. Oh that, instead of returning search results, 107 00:04:43.759 --> 00:04:47.120 ends up deleting data from your database. Oh no, yeah, 108 00:04:47.120 --> 00:04:49.639 so it's a serious threat. Okay, the developers need to 109 00:04:49.639 --> 00:04:50.240 be aware. 110 00:04:50.040 --> 00:04:51.879 Of Okay, but are there ways to prevent it? 111 00:04:52.120 --> 00:04:57.800 Yes, thankfully there are using things like parameterized queries, which 112 00:04:58.000 --> 00:05:02.839 essentially separate the user input from the actual SEQL query itself. 113 00:05:02.920 --> 00:05:04.839 Okay, so it's like creating a barrier. 114 00:05:04.680 --> 00:05:08.600 Exactly, creating a barrier between the user's input and the 115 00:05:08.639 --> 00:05:09.279 sensitive part. 116 00:05:09.360 --> 00:05:13.120 Okay, gotcha, So input validation's sequel injection. Now what about 117 00:05:13.120 --> 00:05:14.199 intense spoofing. 118 00:05:14.839 --> 00:05:18.160 Woh, intense poofing sounds scary, it does? 119 00:05:18.279 --> 00:05:18.839 What is it? 120 00:05:19.199 --> 00:05:22.680 So? Intense spoofing is all about exploiting the way that 121 00:05:22.759 --> 00:05:25.959 Android apps can communicate with each other. Okay, So Android 122 00:05:25.959 --> 00:05:29.959 apps can send messages called intents to request actions or 123 00:05:30.000 --> 00:05:34.959 share information. An attacker can basically create a fake intent 124 00:05:36.120 --> 00:05:38.600 to trick an app into doing something it shouldn't. 125 00:05:38.839 --> 00:05:41.560 So it's like sending like a fake invitation to a party. 126 00:05:41.959 --> 00:05:43.480 Yes, exactly like that. 127 00:05:43.560 --> 00:05:46.240 Okay. So how can developers protect their apps against this? 128 00:05:47.120 --> 00:05:50.079 A couple of key things. One is to always use 129 00:05:50.160 --> 00:05:54.360 explicit intents whenever possible, okay, which means being very specific 130 00:05:54.439 --> 00:05:57.439 about which component should receive that intent. And the other 131 00:05:57.480 --> 00:06:00.079 one is to validate the data that's being received, make 132 00:06:00.120 --> 00:06:02.399 sure it's what you expect and that it hasn't been 133 00:06:02.439 --> 00:06:02.920 tampered with. 134 00:06:03.120 --> 00:06:05.199 Makes sense, all right? So I think we've covered a 135 00:06:05.240 --> 00:06:08.759 lot of ground here. We've talked about some foundational security concepts, 136 00:06:08.800 --> 00:06:13.079 how Android approaches security, and some of the most common vulnerabilities, 137 00:06:13.160 --> 00:06:16.120 the scary stuff. Yeah, but good to know, good to know. 138 00:06:16.240 --> 00:06:18.920 So I feel like we've built a pretty solid foundation here. 139 00:06:19.120 --> 00:06:21.480 We have. The walls are up, the doors are locked. 140 00:06:21.279 --> 00:06:23.920 All right, perfect, Now we need to think about protecting 141 00:06:23.959 --> 00:06:25.240 the data inside the house. 142 00:06:25.639 --> 00:06:26.639 Yes, that's next. 143 00:06:26.839 --> 00:06:28.879 So let's take a quick break and we'll be back 144 00:06:28.920 --> 00:06:30.720 to dive into the world of data privacy. 145 00:06:31.120 --> 00:06:34.720 Sounds good. So we've talked about building this secure house, right, 146 00:06:35.079 --> 00:06:37.360 thank you. Sure the walls are strong and the doors are. 147 00:06:37.240 --> 00:06:39.319 Locked, right, keeping those intruders out. 148 00:06:39.480 --> 00:06:42.199 Now, let's step inside and talk about protecting the valuables, 149 00:06:42.639 --> 00:06:44.680 those precious possessions. Data. 150 00:06:44.879 --> 00:06:48.399 Data privacy. It's such a hot topic these days, and 151 00:06:48.480 --> 00:06:51.759 for good reason. Users are trusting these apps with more 152 00:06:51.800 --> 00:06:54.759 and more of their personal information. Oh yeah, absolutely, So 153 00:06:54.800 --> 00:06:56.600 we really got to make sure we're treating it with care. 154 00:06:56.839 --> 00:06:59.360 Yeah, it's like being a bank. You need to make 155 00:06:59.399 --> 00:07:01.480 sure that you're keeping your customer's money safe. 156 00:07:02.000 --> 00:07:04.519 Right. So the book talks about all the different storage 157 00:07:04.519 --> 00:07:09.240 options available and Android. There's shared preferences, internal storage, external 158 00:07:09.240 --> 00:07:12.040 storage databases, so many ops. It's like a whole storage unit, 159 00:07:12.160 --> 00:07:13.000 it is, and you. 160 00:07:12.959 --> 00:07:14.759 Have to check the right storage unit for the right 161 00:07:14.800 --> 00:07:16.120 thing exactly. 162 00:07:16.279 --> 00:07:18.720 So let's start with shared preferences. I use this all 163 00:07:18.720 --> 00:07:21.959 the time for like user settings or app settings. Yeah, 164 00:07:22.040 --> 00:07:24.959 simple stuff. Are there any security risks with those? 165 00:07:25.199 --> 00:07:28.560 Well, Shared preferences are really convenient for those small bits 166 00:07:28.560 --> 00:07:32.279 of data. Yeah, but they're not the best choice for 167 00:07:32.399 --> 00:07:36.560 sensitive information because by default, the data that's stored and 168 00:07:36.639 --> 00:07:40.720 shared preferences is unencrypted, ah, which means it's basically visible 169 00:07:40.759 --> 00:07:42.560 to anyone who has access to the device. 170 00:07:42.920 --> 00:07:45.800 So, like, if I'm storing a user's password or apike 171 00:07:46.560 --> 00:07:48.480 shared preferences are out of the question. 172 00:07:48.680 --> 00:07:51.079 Definitely, you need a more secure storage option for that. 173 00:07:51.279 --> 00:07:53.680 Okay, So what about internal storage? Is that a step up? 174 00:07:53.759 --> 00:07:56.680 Internal storage is definitely more secure okay, because the data 175 00:07:56.720 --> 00:08:00.199 is stored in your app's private data directory Okay, and 176 00:08:00.279 --> 00:08:04.480 boxed and generally inaccessible to other apps. Gotcha, unless they 177 00:08:04.480 --> 00:08:06.079 have root access to the device. 178 00:08:06.399 --> 00:08:09.000 But what happens if an attacker gets root access? 179 00:08:09.160 --> 00:08:11.839 Well, if an attacker has root access, then it's basically 180 00:08:11.839 --> 00:08:14.600 game over. Oh no, they can access pretty much anything 181 00:08:14.600 --> 00:08:15.079 on the device. 182 00:08:15.199 --> 00:08:17.639 So even with internal storage, it's not a guarantee. 183 00:08:17.720 --> 00:08:19.160 Right, That's why we need encryption. 184 00:08:19.319 --> 00:08:22.839 Okay, So encryption is important no matter where we're storing it. Yes, 185 00:08:23.079 --> 00:08:25.839 what about external storage like an SD card? 186 00:08:26.000 --> 00:08:30.800 So external storage is typically used for data that's not 187 00:08:30.839 --> 00:08:34.240 specific to your app okay, so things like media files 188 00:08:34.240 --> 00:08:36.279 that you want users to be able to share. Yeah, 189 00:08:36.320 --> 00:08:38.320 but it's also the least secure option. 190 00:08:38.480 --> 00:08:40.200 Yeah, it seems like it because. 191 00:08:39.960 --> 00:08:43.919 Anyone can access it. So never store sensitive data on 192 00:08:44.120 --> 00:08:45.759 external storage makes sense? 193 00:08:46.000 --> 00:08:47.240 Now, what about databases? 194 00:08:47.519 --> 00:08:51.080 Databases are great for storing larger amounts of structured data, okay, 195 00:08:51.159 --> 00:08:53.919 and they offer a really good level of security, especially 196 00:08:53.919 --> 00:08:55.080 when you combine them with encryption. 197 00:08:55.679 --> 00:08:58.960 Always got to encrypt. So you keep mentioning encryption, Can 198 00:08:59.000 --> 00:09:01.360 you explain what it is and why it's so important? 199 00:09:01.799 --> 00:09:06.720 Yeah. So encryption is basically scrambling data into an unreadable 200 00:09:06.759 --> 00:09:09.000 format so that anyone who doesn't have the key to 201 00:09:09.120 --> 00:09:11.480 unscramble it just seems gibberish. 202 00:09:11.960 --> 00:09:14.799 So even if someone gets the data, it's useless without 203 00:09:14.879 --> 00:09:15.320 that key. 204 00:09:15.519 --> 00:09:16.000 Exactly. 205 00:09:16.279 --> 00:09:19.320 Okay, cool. Now you mentioned before there's like two types 206 00:09:19.360 --> 00:09:22.639 of encryption, symmetric and asymmetric. Yeah, can you break those down? 207 00:09:22.759 --> 00:09:26.159 Yeah. So symmetric encryption is like having one key that 208 00:09:26.279 --> 00:09:29.279 locks and unlocks the treasure chests. Okay, so anyone who 209 00:09:29.320 --> 00:09:32.840 has that key can access the data, gotcha. Asymmetric encryption 210 00:09:32.960 --> 00:09:35.559 is like having two keys, a public key and a 211 00:09:35.559 --> 00:09:36.200 private key. 212 00:09:36.360 --> 00:09:36.799 Okay. 213 00:09:37.080 --> 00:09:39.080 You use the public key to encrypt the data and 214 00:09:39.159 --> 00:09:40.279 the private key to DECRYPTI. 215 00:09:40.440 --> 00:09:40.759 Gotcha. 216 00:09:40.960 --> 00:09:43.840 So you can give anyone the public key, but only 217 00:09:43.879 --> 00:09:46.600 the person with the private key can actually see the data. 218 00:09:46.679 --> 00:09:50.240 It's like a super secret decoder ring exactly. But even 219 00:09:50.240 --> 00:09:52.399 with encryption, we still have to make sure those keys 220 00:09:52.399 --> 00:09:53.360 are safe. 221 00:09:53.159 --> 00:09:57.240 Right, absolutely. Key management is just as important as encryption itself. 222 00:09:57.320 --> 00:09:59.480 Okay, so what are some best practices for that. 223 00:10:00.320 --> 00:10:04.240 Ideally you want to avoid storing encryption keys directly on 224 00:10:04.279 --> 00:10:07.200 the device, Okay, If possible, you should send them to 225 00:10:07.240 --> 00:10:10.399 a secure server. So keep them somewhere else, Yeah, separate 226 00:10:10.440 --> 00:10:10.919 from the data. 227 00:10:10.919 --> 00:10:12.720 It makes sense. Well, what if, like sending the keys 228 00:10:12.759 --> 00:10:14.159 to a server isn't possible. 229 00:10:14.440 --> 00:10:18.120 Well, another option is to generate the key based on 230 00:10:18.200 --> 00:10:21.240 a password that the user has to enter each time 231 00:10:21.279 --> 00:10:23.279 they start the app. Okay, So the key is never 232 00:10:23.320 --> 00:10:27.519 actually stored anywhere permanently. Tatscha, but it's recreated each time. 233 00:10:27.919 --> 00:10:28.440 Interesting. 234 00:10:28.679 --> 00:10:30.600 Yeah, it's more secure, but it could be a little 235 00:10:30.600 --> 00:10:32.159 bit more inconvenient for the user. 236 00:10:32.399 --> 00:10:35.399 Right. It's always a balancing act, always a balancing act. Okay. 237 00:10:35.440 --> 00:10:38.679 So we've talked about protecting data at rest, Right now 238 00:10:38.720 --> 00:10:40.399 we got to think about protecting data when. 239 00:10:40.240 --> 00:10:42.200 It's moving around, data in transit. 240 00:10:42.360 --> 00:10:46.360 Yeah, exactly. And I think this is where HGTPS comes in. 241 00:10:46.519 --> 00:10:48.200 Yes, HGTTPS is our. 242 00:10:48.080 --> 00:10:50.519 Friend, right. I always see that little pad luck in 243 00:10:50.519 --> 00:10:53.000 the address bar. Yes, I feel like it makes me safe. 244 00:10:53.159 --> 00:10:57.519 It does. It means that the communication between your browser 245 00:10:58.000 --> 00:11:01.840 and the website is encrypted okay, So anyone who's trying 246 00:11:01.840 --> 00:11:04.200 to easdrop can't see what's being sent. 247 00:11:04.360 --> 00:11:07.039 So it's like sending a postcard versus sending a sealed letter, 248 00:11:07.240 --> 00:11:09.559 right exactly. So if I'm building an app that handles 249 00:11:09.559 --> 00:11:11.960 sensitive data, HTTPS is a must. 250 00:11:12.039 --> 00:11:13.600 It is absolutely essential. 251 00:11:13.759 --> 00:11:16.919 So I'm kind of curious, how does HTTPS actually work? 252 00:11:17.000 --> 00:11:18.720 What's going on behind the scenes. 253 00:11:18.960 --> 00:11:22.960 Well, HTTPS is actually a combination of the standard HTTP 254 00:11:23.360 --> 00:11:27.000 protocol okay and something called SSL or TLS. 255 00:11:27.039 --> 00:11:29.240 Okay, SSL, we talked about that before, right, like when 256 00:11:29.240 --> 00:11:30.559 we were talking about certificates. 257 00:11:30.639 --> 00:11:34.159 Yes, you write, SSL stands for Secure Sockets Layer okay, 258 00:11:34.360 --> 00:11:37.559 and TLS is Transport Layer Security okay, which is basically 259 00:11:37.639 --> 00:11:40.559 a newer, more secure version of SSL. 260 00:11:40.679 --> 00:11:41.120 Gotcha. 261 00:11:41.320 --> 00:11:43.840 But they both do essentially the same thing, which is 262 00:11:43.879 --> 00:11:47.120 to encrypt the communication between your app and a server. 263 00:11:47.320 --> 00:11:49.879 So they're like the bodyguards for our data. 264 00:11:49.720 --> 00:11:52.000 Yes, protecting it from those prying eyes. 265 00:11:52.240 --> 00:11:56.159 I like that. So when an app establishes an HTTPTS connection, 266 00:11:56.720 --> 00:11:57.720 what actually happens. 267 00:11:57.759 --> 00:12:01.159 There's a handshake process okay, where the app and the 268 00:12:01.200 --> 00:12:05.799 server agree on which encryption algorithms to use and they 269 00:12:05.799 --> 00:12:06.559 exchange keys. 270 00:12:06.639 --> 00:12:07.960 Okay, So it's like a secret meeting. 271 00:12:08.120 --> 00:12:09.159 Yeah, the secret means. 272 00:12:09.039 --> 00:12:10.919 To make sure they're on the same page, and once 273 00:12:10.960 --> 00:12:13.720 that connection is established, then all the data. 274 00:12:13.480 --> 00:12:15.399 Is encrypto exactly. It's like a secret tunnel. 275 00:12:15.480 --> 00:12:18.519 Okay. Cool. So we talked about certificates before, and I 276 00:12:18.519 --> 00:12:21.639 remember you mentioned a tool called key Tool. Yes, what 277 00:12:21.840 --> 00:12:23.440 is that and how does that play into this? 278 00:12:23.799 --> 00:12:28.039 So digital certificates are like electronic passports that verify the 279 00:12:28.120 --> 00:12:31.840 identity of a website or a server, and key tool 280 00:12:32.240 --> 00:12:33.879 is a tool that you can use to create your 281 00:12:33.919 --> 00:12:35.480 own self signed certificates. 282 00:12:35.559 --> 00:12:37.879 So like, if I'm a developer just getting started, I 283 00:12:37.919 --> 00:12:39.799 can create my own certificates to play with. 284 00:12:40.039 --> 00:12:42.879 Yes, exactly, and the book actually shows you how to 285 00:12:42.879 --> 00:12:45.120 do that. Awesome bo through the command line and through 286 00:12:45.159 --> 00:12:45.960 Android studio. 287 00:12:46.399 --> 00:12:50.320 Okay, handy, But even with HTTPS and certificates, things can 288 00:12:50.360 --> 00:12:52.879 still go wrong, right unfortunately? 289 00:12:53.000 --> 00:12:56.440 Yes, okay. Sometimes you might encounter a certificate that's self signed, 290 00:12:57.200 --> 00:13:00.080 or it was issued by a certificate authority that's not 291 00:13:00.200 --> 00:13:01.360 recognized by Android. 292 00:13:01.519 --> 00:13:04.200 So it's like having a passport from a country that 293 00:13:04.240 --> 00:13:05.360 Android doesn't trust. 294 00:13:05.759 --> 00:13:09.759 Exactly. Yeah, in those cases, you need to explicitly tell 295 00:13:09.840 --> 00:13:13.039 your app to trust that certificate. Oh okay, otherwise you'll 296 00:13:13.039 --> 00:13:13.679 get an error. 297 00:13:13.879 --> 00:13:16.080 So we have to be careful about which certificate. 298 00:13:16.159 --> 00:13:20.559 Sweet, it's very careful. Always double check and make sure 299 00:13:20.600 --> 00:13:21.720 you're handling them correctly. 300 00:13:21.799 --> 00:13:25.399 Awesome advice. Okay, so we've covered a lot today, data 301 00:13:25.519 --> 00:13:28.679 at rest, data in transit, lots of security. 302 00:13:28.240 --> 00:13:29.679 Measures, players upon layers. 303 00:13:29.759 --> 00:13:31.960 But we can't forget about one of the most important 304 00:13:32.039 --> 00:13:35.960 aspects of any secure system, which is authentication. Making sure 305 00:13:35.960 --> 00:13:37.879 we know who's at the door before we let them in. 306 00:13:38.039 --> 00:13:40.960 Yes, we've built the house, we've protected the valuables. Now 307 00:13:40.960 --> 00:13:42.360 we need to hire a good bouncer. 308 00:13:42.519 --> 00:13:46.000 Right, we'll be right back to talk all about authentication. 309 00:13:47.519 --> 00:13:50.279 Welcome back to the deep dive. We've talked about building 310 00:13:50.320 --> 00:13:53.759 a secure foundation, protecting data at rest and in transit, 311 00:13:54.120 --> 00:13:56.080 lots of layers. Now it's time to make sure we've 312 00:13:56.120 --> 00:13:56.360 got a. 313 00:13:56.360 --> 00:13:58.159 Strong front door authentication. 314 00:13:58.519 --> 00:14:01.159 Yes, so let's talk about some of the most common 315 00:14:01.200 --> 00:14:02.720 authentication methods out there. 316 00:14:03.200 --> 00:14:03.480 Right. 317 00:14:03.559 --> 00:14:07.320 The book starts with the classic, the tried and true username. 318 00:14:06.879 --> 00:14:08.399 And password, the old standby. 319 00:14:08.799 --> 00:14:10.720 But I feel like everyone knows this is not the 320 00:14:10.720 --> 00:14:11.639 most secure method. 321 00:14:11.720 --> 00:14:14.720 Yeah, it's definitely got its weaknesses. Passwords can be stolen, 322 00:14:14.840 --> 00:14:16.440 they could be guessed they could be cracked. 323 00:14:16.720 --> 00:14:19.639 People are not great at picking good passwords. So what 324 00:14:19.679 --> 00:14:21.480 are some alternatives that we can use. 325 00:14:21.840 --> 00:14:26.320 Well, one that's becoming increasingly popular is multi factor authentication 326 00:14:27.000 --> 00:14:27.639 or MFA. 327 00:14:28.000 --> 00:14:29.519 Oh yeah, MFA, I've heard of that. 328 00:14:29.600 --> 00:14:32.720 It adds an extra layer of security, okay, by requiring 329 00:14:32.840 --> 00:14:35.440 users to provide more than just their password. 330 00:14:35.600 --> 00:14:38.320 Okay, So it's like having two locks on the door exactly. 331 00:14:38.399 --> 00:14:40.919 Okay, So even if someone gets passed the first lock, 332 00:14:41.360 --> 00:14:42.879 they still need another key to get in. 333 00:14:43.279 --> 00:14:48.200 Gotcha. So MFA usually combines something the user knows, like 334 00:14:48.240 --> 00:14:51.440 a password, with something they have like a physical token 335 00:14:51.519 --> 00:14:54.679 or a code sent to their phone, right, or even 336 00:14:54.720 --> 00:14:57.519 something they are like a fingerprint or a face scan. 337 00:14:57.840 --> 00:15:00.519 Biometrics biometrics, Yeah, those again popular. 338 00:15:00.639 --> 00:15:01.919 Yeah, they're super convenient. 339 00:15:02.000 --> 00:15:02.799 They are convenient. 340 00:15:02.919 --> 00:15:04.879 But are there any downsides to using them? 341 00:15:05.360 --> 00:15:08.279 Yeah? There are some things to consider. For one thing, 342 00:15:08.360 --> 00:15:11.559 biometric data can be harder to change if it's compromised, 343 00:15:11.720 --> 00:15:14.399 that's true, And there are also privacy concerns about how 344 00:15:14.440 --> 00:15:16.000 that data is being collected. 345 00:15:15.600 --> 00:15:18.559 And stored, right, So always important to think about the 346 00:15:18.600 --> 00:15:21.879 trade offs. So the book actually walks through how to 347 00:15:21.960 --> 00:15:25.399 build a basic login system in Android. Okay, what are 348 00:15:25.440 --> 00:15:28.000 some key things developers should be thinking about when they're 349 00:15:28.000 --> 00:15:29.000 building something like that. 350 00:15:29.279 --> 00:15:32.399 Well, first and foremost, security has to be your top priority. 351 00:15:32.480 --> 00:15:32.879 Okay. 352 00:15:33.519 --> 00:15:37.039 Always use HTTPS to protect those credentials as they're being 353 00:15:37.080 --> 00:15:41.039 sent over the network, right, Never ever store passwords in 354 00:15:41.080 --> 00:15:44.519 plain text. Oh yeah, Always hash them using a strong 355 00:15:44.559 --> 00:15:46.000 hashing algorithm hashing. 356 00:15:46.039 --> 00:15:47.919 I remember we talked about that before. That's like a 357 00:15:47.919 --> 00:15:49.519 one way function, right exactly. 358 00:15:49.679 --> 00:15:52.559 You can't unscramble a hashed password, okay, So even if 359 00:15:52.600 --> 00:15:55.879 your database is compromise, the attacker can't actually see the passwords. 360 00:15:56.200 --> 00:15:58.639 Cool. Okay, And of course we already talked about MFA. 361 00:15:58.759 --> 00:15:59.720 That's always a good idea. 362 00:15:59.799 --> 00:16:01.240 Yeah, layers of security. 363 00:16:01.279 --> 00:16:05.000 Now, the book mentions something called account manager. What is that? 364 00:16:05.120 --> 00:16:09.200 So? Account manager is a class in Android okay that 365 00:16:09.320 --> 00:16:12.080 gives you access to the user accounts that are stored 366 00:16:12.120 --> 00:16:15.200 on the device. Okay, so things like Google accounts or 367 00:16:15.240 --> 00:16:17.080 accounts for other online services. 368 00:16:17.200 --> 00:16:19.720 It's like a central hub, gotcha, And you can use 369 00:16:19.759 --> 00:16:23.279 it to request authentication tokens you can, which is really cool. 370 00:16:23.399 --> 00:16:25.399 It is because it means the user doesn't have to 371 00:16:25.519 --> 00:16:27.639 enter their credentials over and over again. It just makes 372 00:16:27.639 --> 00:16:28.840 it smoother, much smoother. 373 00:16:29.000 --> 00:16:32.159 Okay. Cool, All right, so we've talked about authentication. Yeah, 374 00:16:32.279 --> 00:16:34.759 now let's move on to what I think is one 375 00:16:34.759 --> 00:16:38.919 of the most important parts of building secure software. 376 00:16:39.120 --> 00:16:40.039 Oh, I know what's coming. 377 00:16:40.679 --> 00:16:41.120 Testing. 378 00:16:41.799 --> 00:16:42.600 We have to test. 379 00:16:42.720 --> 00:16:45.200 We have to it's so important, it is. So the 380 00:16:45.200 --> 00:16:49.919 book talks about different types of testing unit testing. Yeah, 381 00:16:50.120 --> 00:16:52.759 let's start with UI testing. Why is that so important 382 00:16:52.759 --> 00:16:53.480 for security? 383 00:16:53.840 --> 00:16:56.759 Well? UI testing focuses on how a user interacts with 384 00:16:56.799 --> 00:17:00.279 the app's interface. Remember we were talking about those input 385 00:17:00.360 --> 00:17:03.840 validation vulnerabilities. UI testing can help. 386 00:17:03.679 --> 00:17:06.319 Us catch those, okay, So we can simulate a real 387 00:17:06.440 --> 00:17:09.440 user trying to break the app exactly and see if 388 00:17:09.440 --> 00:17:11.279 our input validation is actually working. 389 00:17:11.440 --> 00:17:17.200 Yes, And Android provides this great framework called UI Automator okay 390 00:17:17.279 --> 00:17:19.160 for creating automated UI tests. 391 00:17:19.200 --> 00:17:20.680 Cool, so we don't have to do it manually. 392 00:17:20.799 --> 00:17:22.720 Well, you can do it manually, but it's much easier 393 00:17:22.720 --> 00:17:25.440 to automate it. And there's also this cool tool called 394 00:17:25.559 --> 00:17:29.720 UI Automator Viewer okay, which lets you inspect the hierarchy 395 00:17:29.920 --> 00:17:30.319 of your. 396 00:17:30.240 --> 00:17:32.559 App's UI so we can see what's going on. 397 00:17:32.640 --> 00:17:34.240 Yeah, you can see all the different elements and how 398 00:17:34.240 --> 00:17:34.880 they're laid out. 399 00:17:34.920 --> 00:17:38.480 Okay, very cool. Now what about unit testing? How is 400 00:17:38.480 --> 00:17:38.960 that different? 401 00:17:39.279 --> 00:17:43.480