Android Security Symposium 2017

Lifting all boats: getting developers to improve app security

About the speaker

Hans-Christoph Steiner

Guardian Project, Vienna, Austria
Hans-Christoph Steiner spends his time making private software usable, designing interactive software with a focus on human perceptual capabilities, building networks with free software, and composing music with computers. With an emphasis on collaboration, he has worked in many forms, including free software for mobile and embedded devices, responsive sound environments, free wireless networks that help build community, musical robots that listen, programming environments that allow people to play with math, and a jet-powered fish that you can ride.

Abstract

There are many proven techniques for protecting data, providing strong authentication, and so on, but
actually delivering secure software is often tedious and error prone. On Android it is even worse,
since most devices rarely get updates, leaving years of open issues across the spectrum of
devices that are in use. Guardian Project develops mobile apps for high-risk users, such as
journalists and human rights activists, that deal with this landscape. The techniques we
develop are then bundled up into free, easy-to-use libraries. All of our work is user driven,
so we also research the user experience of developers, to learn what the actual barriers are to
getting developers to improve app security.

Security is rarely given priority in software development, so in order to get developers to use
secure practices, the libraries must fit in with their existing knowledge, with minimal technical
risk. So our libraries use APIs that developers already know (e.g. android.database.*, java.io.*),
so the ramp-up time for developers is really fast. This talk will also give a quick overview of
our suite of libraries, including SQLCipher-for-Android, private file stores, and hardened
network connections. This is followed by a short discussion of examples, including sample code, real-world apps
that use these libraries, and UI/UX patterns that work well.
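To make the "familiar API" point concrete, here is an added example (not code from the talk, the slides, or Guardian Project's own materials) of a small notes store written against the `android.database.sqlite` API shape but backed by SQLCipher for Android (`net.sqlcipher.database.SQLiteDatabase`). The class name, the database file name `notes.db`, the table layout and the `passphrase` constructor parameter are assumptions made for the example; the library calls (`loadLibs`, `openOrCreateDatabase`, `execSQL`, `insert`, `rawQuery`) are the ones SQLCipher for Android exposes with the same names as the platform API.

```java
// Added example (not from the talk): a notes store written against the
// android.database.sqlite API shape, but backed by SQLCipher for Android.
// Only the import, the loadLibs() call and the passphrase argument differ
// from code written against the stock Android API.
import android.content.ContentValues;
import android.content.Context;
import android.database.Cursor;
import java.io.File;
import java.util.ArrayList;
import java.util.List;

// Drop-in replacement for android.database.sqlite.SQLiteDatabase.
import net.sqlcipher.database.SQLiteDatabase;

public class EncryptedNotesStore {
    // File name and table are assumptions for this example.
    private static final String DB_NAME = "notes.db";
    private static final String TABLE = "notes";

    private final SQLiteDatabase db;

    /**
     * @param passphrase supplied by the caller at runtime (for example entered
     *                   by the user); a passphrase compiled into the APK can be
     *                   read out of the APK and defeats the encryption.
     */
    public EncryptedNotesStore(Context context, String passphrase) {
        // Load the native SQLCipher libraries; required once per process.
        SQLiteDatabase.loadLibs(context);

        File dbFile = context.getDatabasePath(DB_NAME);
        dbFile.getParentFile().mkdirs();

        // Same method name as the platform API, with the passphrase added.
        // Opening an existing file with the wrong passphrase throws an exception
        // rather than returning readable data.
        db = SQLiteDatabase.openOrCreateDatabase(dbFile, passphrase, null);
        db.execSQL("CREATE TABLE IF NOT EXISTS " + TABLE
                + " (id INTEGER PRIMARY KEY AUTOINCREMENT, body TEXT NOT NULL)");
    }

    /** Inserts one note and returns its row id, exactly as the platform API would. */
    public long addNote(String body) {
        ContentValues values = new ContentValues();
        values.put("body", body);
        return db.insert(TABLE, null, values);
    }

    /** Reads all notes in insertion order using the familiar Cursor idiom. */
    public List<String> allNotes() {
        List<String> result = new ArrayList<>();
        Cursor c = db.rawQuery("SELECT body FROM " + TABLE + " ORDER BY id", null);
        try {
            while (c.moveToNext()) {
                result.add(c.getString(0));
            }
        } finally {
            c.close();
        }
        return result;
    }

    public void close() {
        db.close();
    }
}
```

The point the example makes is that a developer who already knows `openOrCreateDatabase`, `execSQL`, `insert` and `rawQuery` has nothing new to learn beyond supplying a passphrase; everything else, including the on-disk encryption, happens underneath the API they already use. How the app obtains and protects that passphrase (user entry, derivation from a user secret, or hardware-backed key storage) is the remaining design decision, and it is the part no drop-in library can make for the developer.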

Slides

Get the slides here.

Video