Android Camp 2011 @ Silicon India

1. Building and Deploying Safe and Secure Android Apps for Enterprise
Presented by Technology Consulting Group at Endeavour Software Technologies
2. Session Contents
• Overview of Mobility and Mobile Security
  – Introduction to Mobility
  – Mobile Security
• Best Practices for Secure Software Development
• Android OS
  – Security Architecture and deployment
  – Android Attack Surfaces
  – Enterprise features, what can we leverage?
• Questions?
© 2011 Endeavour Software Technologies
3. Mobility
• A Capability
• Communicate and Access
• On the Move
• Anytime
• From Anywhere
• Voice, Messages, Data
Enterprise Mobility: the ability of an enterprise to connect to people and control assets from any location. Technologies that support enterprise mobility include wireless networks, mobile applications, middleware, devices, and security and management software. (Forrester Research definition)
5. Mobile Security – Everywhere!
• Application Level
• Device Level
• Network Level
6. Mobile Security Considerations
• Mobility Infrastructure
  – Security is a key focus area.
  – Ensuring existing policies are implemented
  – Integration with existing tools, systems
  – Keep devices light, manageable
• Mobile Middleware Platform
  – Composite Applications Landscape and devices
  – Mobile Device Management
  – Mobile Data Synchronization
  – Phased approach for Common Services and Application
• Mobile Applications Distribution
  – Enterprise distribution through OTA to specific devices
7. Application Security – Must Include
• User Authentication on Device
• Data Security
• Device Management
• Data in Transit
• Application Provisioning and Issue
8. Mobile Security Considerations
• Access
  – Credentials
  – IMEI / 2FA
  – OTP, User-Agent
  – Quick Access Code, Token
• Storage
  – Files
  – Key Storage
  – Resources
• Transportation
  – Session
  – Protocols
  – Connection Points
10. Enterprise Mobile Security – Best Practices
1. Protect the Brand Your Customers Trust
2. Know Your Business and Support it with Secure Solutions
3. Understand the Technology of the Software
4. Ensure Compliance to Governance, Regulations, and Privacy
5. Know the Basic Tenets of Software Security
6. Ensure the Protection of Sensitive Information
7. Design, Develop and Deploy Software with Secure Features
12. Android Security – Permission based model
• Permission-based Model
  – Linux + Android's Permission
  – Well defined at system level
  – Approved by user at install
  – High-level permissions restricted by Android runtime framework
  – For example, an application that needs to monitor incoming SMS messages would specify:

    <manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.android.app.myapp" >
        <uses-permission android:name="android.permission.RECEIVE_SMS" />
        ...
    </manifest>
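The slide shows only the manifest side of the permission model. The following is an added example, not code from the original deck or from Endeavour: it pairs the RECEIVE_SMS declaration with the receiver that actually consumes the broadcast, and shows the two checks a reviewer expects on top of the install-time grant: the receiver is protected with android.permission.BROADCAST_SMS so that only the system (not another installed app) can deliver an SMS_RECEIVED intent to it, and the code re-verifies its own permission rather than assuming it. The package name com.example.enterprise.smsmonitor, the class name SmsMonitorReceiver and the log tag are assumptions.

```java
// Added example (not from the original deck). Package, class and tag names are assumed.
//
// AndroidManifest.xml for this receiver (uses-permission as on the slide):
//
// <manifest xmlns:android="http://schemas.android.com/apk/res/android"
//     package="com.example.enterprise.smsmonitor">
//     <uses-permission android:name="android.permission.RECEIVE_SMS" />
//     <application android:label="SMS Monitor">
//         <!-- android:permission on a receiver restricts WHO may send to it:
//              only a sender holding BROADCAST_SMS (the system) can deliver
//              SMS_RECEIVED here, so a third-party app cannot spoof an SMS. -->
//         <receiver android:name=".SmsMonitorReceiver"
//                   android:permission="android.permission.BROADCAST_SMS">
//             <intent-filter>
//                 <action android:name="android.provider.Telephony.SMS_RECEIVED" />
//             </intent-filter>
//         </receiver>
//     </application>
// </manifest>

package com.example.enterprise.smsmonitor;

import android.Manifest;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.telephony.SmsMessage;
import android.util.Log;

public class SmsMonitorReceiver extends BroadcastReceiver {
    private static final String TAG = "SmsMonitor";
    private static final String SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED";

    @Override
    public void onReceive(Context context, Intent intent) {
        // Only handle the action the manifest registered for.
        if (!SMS_RECEIVED.equals(intent.getAction())) {
            return;
        }
        // Defensive check: the permission was approved at install time, but
        // verify that this package still holds it instead of assuming so.
        PackageManager pm = context.getPackageManager();
        if (pm.checkPermission(Manifest.permission.RECEIVE_SMS, context.getPackageName())
                != PackageManager.PERMISSION_GRANTED) {
            Log.w(TAG, "RECEIVE_SMS not granted; ignoring broadcast");
            return;
        }
        Bundle extras = intent.getExtras();
        if (extras == null) {
            return;
        }
        // The system passes the raw PDUs of the message parts under the "pdus" key.
        Object[] pdus = (Object[]) extras.get("pdus");
        if (pdus == null) {
            return;
        }
        for (Object pdu : pdus) {
            SmsMessage msg = SmsMessage.createFromPdu((byte[]) pdu);
            if (msg == null) {
                continue;
            }
            // Log the sender and size only; the body is sensitive data and
            // must not end up in logcat, which other apps could read on old releases.
            Log.i(TAG, "SMS from " + msg.getOriginatingAddress()
                    + " (" + msg.getMessageBody().length() + " chars)");
        }
    }
}
```

The manifest-level android:permission attribute is the part most often forgotten: without it, any app on the device can broadcast a fake SMS_RECEIVED intent to this receiver, which matters for enterprise apps that use SMS for one-time passwords.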
13. Android Security – Remote App Management
• Remote Install/removal
  – Google can remove or install apps remotely
  – Users can install apps remotely from the online Android Market: http://market.android.com
15. Android's Attack Surfaces
• Isolated applications are like having a multi-user system
• Single UI/Device – Secure sharing of UI and IO
• Principal maps to code, not user (like browsers)
• Appeals to user for all security decisions – Phishing style attack risks
• Linux, not Java, Sandbox. Native code not a barrier
  – Any Java App can execute shell, load JNI libraries, write and exec programs
Reference – iSEC PARTNERS
16. Enterprise features (Froyo/ GingerBread)
• Remote wipe
  – Remotely reset the device to factory defaults
• Improved security
  – Addition of numeric pin, alphanumeric passwords to unlock the device
• Exchange calendars
• Auto-discovery
• Global Address List
• C2DM* – Cloud to device messaging
*Still it is part of Google Code Labs
17. Enterprise features (Honeycomb)
• New device administration policies
  – Encrypted storage
  – Password expiration
  – Password history
  – Complex characters in password
• Configure HTTP proxy for each connected WiFi access point (AOS 3.1 only)
• Encrypted storage cards
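Slides 16 and 17 list the device administration features (remote wipe, then the Honeycomb password and encryption policies) without showing how an enterprise app enforces them. The following is an added example, not code from the original deck or from Endeavour, using the public DevicePolicyManager API that backs those features. The package name com.example.enterprise.admin, the class name EnterpriseAdminReceiver and the concrete policy values (minimum length 8, 90-day expiration, history of 5, wipe after 10 failed unlocks) are assumptions chosen for illustration.

```java
// Added example (not from the original deck). Package, class and policy values are assumed.
//
// res/xml/device_admin.xml declares the policies this admin is allowed to use;
// a call to a policy not listed here throws SecurityException:
//
// <device-admin xmlns:android="http://schemas.android.com/apk/res/android">
//     <uses-policies>
//         <limit-password /> <expire-password /> <encrypted-storage />
//         <wipe-data /> <force-lock /> <watch-login />
//     </uses-policies>
// </device-admin>
//
// AndroidManifest.xml: BIND_DEVICE_ADMIN ensures only the system can bind the receiver.
//
// <receiver android:name=".EnterpriseAdminReceiver"
//           android:permission="android.permission.BIND_DEVICE_ADMIN">
//     <meta-data android:name="android.app.device_admin"
//                android:resource="@xml/device_admin" />
//     <intent-filter>
//         <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
//     </intent-filter>
// </receiver>

package com.example.enterprise.admin;

import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

public class EnterpriseAdminReceiver extends DeviceAdminReceiver {
    private static final String TAG = "EnterpriseAdmin";
    private static final long NINETY_DAYS_MS = 90L * 24 * 60 * 60 * 1000;

    @Override
    public void onEnabled(Context context, Intent intent) {
        // Runs once the user has activated this app as a device administrator.
        applyPolicies(context);
    }

    @Override
    public void onPasswordExpiring(Context context, Intent intent) {
        Log.i(TAG, "Password is about to expire; user will be asked to change it");
    }

    private static DevicePolicyManager dpm(Context context) {
        return (DevicePolicyManager) context.getSystemService(Context.DEVICE_POLICY_SERVICE);
    }

    // Enforce the Honeycomb (API 11) policies from slide 17.
    public static void applyPolicies(Context context) {
        DevicePolicyManager dpm = dpm(context);
        ComponentName admin = new ComponentName(context, EnterpriseAdminReceiver.class);
        if (!dpm.isAdminActive(admin)) {
            Log.w(TAG, "Admin not active; policies not applied");
            return;
        }
        // "Complex characters in password": letters, digits and symbols required.
        dpm.setPasswordQuality(admin, DevicePolicyManager.PASSWORD_QUALITY_COMPLEX);
        dpm.setPasswordMinimumLength(admin, 8);
        dpm.setPasswordMinimumNumeric(admin, 1);
        dpm.setPasswordMinimumSymbols(admin, 1);
        dpm.setPasswordMinimumUpperCase(admin, 1);
        // "Password expiration": a new password every 90 days.
        dpm.setPasswordExpirationTimeout(admin, NINETY_DAYS_MS);
        // "Password history": the last 5 passwords cannot be reused.
        dpm.setPasswordHistoryLength(admin, 5);
        // Local wipe as a backstop against brute-forcing the unlock screen.
        dpm.setMaximumFailedPasswordsForWipe(admin, 10);
        // "Encrypted storage": request it; the device may require a reboot to apply.
        if (dpm.setStorageEncryption(admin, true)
                == DevicePolicyManager.ENCRYPTION_STATUS_UNSUPPORTED) {
            Log.w(TAG, "Device does not support storage encryption");
        }
        // If the current password no longer satisfies the policy, prompt for a new one.
        if (!dpm.isActivePasswordSufficient()) {
            Intent change = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
            change.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
            context.startActivity(change);
        }
    }

    // "Remote wipe" from slide 16: call from the handler of an authenticated
    // management command (for example a C2DM push) to reset to factory defaults.
    public static void remoteWipe(Context context) {
        dpm(context).wipeData(0);
    }
}
```

Two points worth checking in review: every policy the code sets must be listed under uses-policies in device_admin.xml, and the command path that reaches remoteWipe must authenticate the server that issued it, since a spoofed push message would otherwise let anyone wipe the fleet.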
18. Thanks!
• You! – For patiently listening to us!
• Silicon India team
• Endeavour's Android TCG team
• Happy to receive feedback and questions at tcg@techendeavour.com