BlrDroid February 2014 Meetup Overview
BlrDroid organized an Android Tech meetup for all the Android developer was held on 22nd of February 2014 at Intuit India Product Development Center Pvt Ltd, Bangalore. BlrDroid had already organized many meets earlier which were successful in creating a lot of buzz among the tech people. The main Agenda of the meetup was discussion over few Android related topics below:
- Common Security Pitfalls in Android Applications, and How to Avoid Them
Speaker : By Speaker Aditya Gupta, from Attify
To talk over these sensitive topics we had Aditya Gupta, who is Founder of Attify, Co-creator of AFE (Android Framework for Exploitation) and also Speaker/Trainer at BlackHat, Toorcon, ClubHack, Nullcon, OWASP AppSec, Syscan.
Security Overview of Android Apps
• Application Sandboxing
• Data stored in /data/data/[package-name]/
• AndroidManifest.xml plays an important role
• Permissions while accessing activities, services, and content providers.
Android Security Model
Let us first know the basic Architectural model of the Android Security Model. The very first thing that we need to know is it’s based on Linux and its Security features are derived mostly from Linux. There is a separate Application Isolation. That means each app in its own DVM is isolated.
Hard Coding Sensitive Info
• Have seen some apps hardcode sensitive info
• Reversing applications
• Encrypting passwords: really common
• Use protection to prevent apps from reversing
• Don’t ever hardcode a sensitive info in an app.
Protecting against Reversing:
- Logging Sensitive Information.
- Leaking Content Providers
- Adobe Reader.
Android WebView vulnerability:
- Malicious functions with JS
- Ad Libraries
- Fix it
- SQLite Injection
- Insecure File Permissions
- Android Backup Vulnerability
- Preventing Backup vulnerability
- Network Traffic
- Securing Android Applications
ü Avoid common mistakes
ü Store data in encrypted form
ü Sending data through HTTP/insecure HTTPs
Drop a mail at email@example.com if you have any doubts about these topics.
Let’s discuss some of the highlights of Arvind Devaraj’stech talk about High Performance on GPU using OpenGL and Renderscript.
- High Performance on GPU using OpenGL and Renderscript
Speaker : Arvind Devaraj
OpenGL graphics API is used for doing the 3D operations on GPU and CPU and to achieve hardware-accelerated rendering. It is employed for rendering the 2D and 3D vector graphics.
Renderscript provide code portability to the hardware and so it increases the performance of the applicationby enabling to write greater amount of complex codes.
– Good at executing sequential code
– Handles branches well
– Same code, multiple data
– Parallelism (ideal for image rendering)
– Accelerates the Graphics
- OpenGL Drivers
-Converts API call to commands
-Commands executed in GPU/CPU, for implementation of Graphics pipeline.
- It makes the OpenGL calls to render a frame.
- Programs that execute on GPU.
- They operate on Each Vertex and Each Pixel.
Then he explains about different aspects of OpenGLES Android Graphics, Android Graphics Classes, GLSurfaceView, Shaders and different programs running on CPU /GPU.
● Advantages of Render Script: Compared to NDK, provides an easy device agnostic way to accelerate performance on GPU.
● Disadvantages Render Script: C99 standard, debugging is restricted.
Main Summary of Renderscipt:
● Renderscript is an API to access GPU
● Used for High Performance
● High Performance Compute / Graphics
● Compute, Math, FFT, convolution, Signal processing
● Support Graphics – but not a replacement for OpenGL
● Works on all GPUs (if supported by SoC ) otherwise on CPU
Drop a mail to firstname.lastname@example.org if you have any doubts about these topics.
Break for the snacks and networking opportunity also proved useful in terms of exchanging knowledge and many good views among each other.
The Demo Apps Session:
1. Breeze: This app helps the user to browse for interactive voice response options on their smartphones and so helps users to bypass all the inefficiency of going through steps.
By Manjunath Hanasi
2. Tomoeyx: It is an anti-search system that recommends the users itself for their searches by indexing the information that matches user’s taste and work.
By Vikash Ranjan
3. SkyRecorder: It is a wonderful app to record, play and share the audio in an easy and fun way. Also enables geo-tagging and many other new features.
By Soham Monthal
After all the attendees were also given cool android t-shirts to make them feel as a family and active participant of this informative tech talk.