Securing apps, “at scale”
base program
app-release-plain.apk
automatic string decryption
b.a()
Android Studio’s build.gradle file
class naming
command
Docker Hub
MainActivity.class file
MainActivity.kt source code
nonalphabetic characters
reversed MainActivity.class file
reversed MainActivity.class file, ProGuard
reversed TestModule.class file
testModule.kt source code
class remaining
NOP/code injection
spaghetti code/control flow alteration
string encryption
vulnerability assessment
SSL pinning
Android client
back-end server
breaking SSL
certificates
Certbot
DV
EV
OV
self-signed
verification
connection
handshake
Network Security Configuration
OpenSSL
techniques
testing traffic interception, Burp Suite
Static source code security analysis
developer training
example
missing source code
setting up
third-party libraries/dependencies
“trust but verify” ethos
StringBuilder’s append method