Android apps security

Before I share about the Android apps security, I wish to touch on how malicious code(hacker program) was added to the apps for start.

Reverse engineering is a matter of reversing a computer program(apps) back to source code level.

Malicious code(hacker program) is than added to the computer program(apps) and recompile it again into a computer program(apps).

This computer program(apps) is than reload to a phishing site for user to download and use for free.

At this time, the computer program(apps) is look and function the same as the original one, but with malicious code(hacker program) added.

Those user which download and install the computer program(apps) also install the malicious code(hacker program).

At this time, the malicious code(hacker program) was install official with certain rights issue by the user unknowingly.

This malicious code(hacker program) will start to works based on the program when it was active(example: user playing the game(apps)).

After the malicious code(hacker program) gather the information needed, it will than send the information to a specified IP address. And this information will further misuse by the hacker in term of spam / sell it as BI.

The above demonstrate how the apps can be misuse by the hacker for their personal interest and now I wish to share how Android apps security allow this to be happen in my best knowledge as below:

Most Android apps is written in Java and Java code is compile to byte code.

This byte code can be reverse back to source code easy with a proper reverse engineering tool / software.

In due the apps itself is a compiled software, it need to allow the user to decompile it at the client side(mobile device) in order to be use.

So, the apps needed to be able to decompile / reversed back to source code.

There are some security measurement and precaution regards the above loop hole, but the awareness of this measurement is not popular to the smart phone user and more awareness campaign is needed to promote Android apps security concern.

 

Share Button