This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, May 11 • 12:25 - 13:10
The Key Under the Doormat: Design Flaws and Vulnerabilities in Android Password Manager Applications

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
How is the reality on Android mobile, password manger applications? Can users really be sure that their secrets are stored in a secure way, even if their device gets lost or stolen? Considering this “lost device” scenario we analyzed 15 of the most popular Android password manager apps based on download count.

In our analyses, we tested the apps’ resistance against attempts to extract the user’s stored secrets and we tried to assess how hard it would be for an attacker to steal the stored secrets.

Assuming the correctness of the Android crypto API implementation, developers still can introduce conceptual flaws when using encryption. This can lead to serious vulnerabilities inside the apps.

In this talk we will present the most common implementation pitfalls and design failures. We will show that a faulty concept will break the confidentiality even without root privileges. Furthermore we explain countermeasures and best practice approaches to avoid these vulnerabilities.

avatar for Steven Arzt

Steven Arzt

Steven is a currently a researcher at the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt. He has received a PhD, a master’s degree in computer science, and a master’s degree in IT Security from Technische Universität Darm... Read More →
avatar for Stephan Huber

Stephan Huber

Stephan Huber is a security researcher at the Testlab Mobile Security group at the Fraunhofer Institute for Secure Information Technology (SIT). His main focus is Android application security testing and developing new static and dynamic analysis t... Read More →

Thursday May 11, 2017 12:25 - 13:10
Waterfront Center: Hall 1A

Attendees (25)