Loading...
Home
  • Tech Blogs
  • Videos
  • Conferences
    • Droidcon News
    • Upcoming Conferences
    • Become a Partner
    • Past Events
    • Keep Me Informed
    • Diversity Scholarships
  • Community
    • droidcon Team
    • How to Hold a Droidcon
  • Android Careers
Sign In

Global CSS

droidcon News
 

droidcon San Francisco 2019

Share
Tweet

 

Results of Scanning the Top 45 Android Mobile Banking Apps
By
Scott King
droidcon San Francisco 2019
This session provides details on development best practices, data leakage risk and security exposure for 45 Android mobile apps from the top US banks and mobile payment providers. The research displays vulnerabilities in consumer mobile banking apps and the correlating risk they introduce for banks and mobile users. Several of the mobile banking applications score low on application development best practices, use of shared or outdated code and overuse of third-party services or SDKs. The knowledge gained here will enable developers and mobile banking channel owners insight on the exact items needed to build more secure banking apps and to reduce banking fraud via the mobile channel.
Transcript
English
00:00
[Music]
00:14
all right hi everyone thanks for coming
00:16
to my talk my name is Scott King and you
00:20
may know you may wonder why there's a an
00:24
x-ray up there but we're going to talk
00:27
about scanning and so when I give you an
00:29
idea is you know what do you do with a
00:33
scan
00:35
so droidcon asked on Twitter if if you
00:41
win a free hotel you just retweet and
00:44
tell them what you're looking forward to
00:47
for joyed con so I tweeted well I'm
00:49
looking forward to show people my spine
00:51
and that is my spine
00:54
even though how crooked it is and so
00:56
congratulations by by showing on Twitter
01:00
my spine I want a free hotel so who says
01:03
that Twitter doesn't pay so there's a
01:05
there you go but we're going to talk
01:08
about how mobile banking apps are not
01:10
created equal
01:12
okay and this is a research paper that
01:13
we put together at some period you can
01:15
go to our website and download it and
01:17
you can provide all the details and look
01:20
at all the details in there but what I
01:21
want to do is give you a little bit idea
01:23
on the state of mobile banking we're
01:26
going to talk about the OWASP mobile top
01:28
ten and then how making the mobile
01:31
banking apps compare for privacy and
01:34
security apps so we scanned the top apps
01:36
and we're going to disclose to you some
01:38
of the scary stuff that we found inside
01:40
there and some of the common issues that
01:42
we find so to begin with you know mobile
01:49
banking and the mobile operating system
01:51
is the largest operating system by
01:54
market share so you can see here that
01:57
over 55% of all the devices on the
02:00
Internet are mobile Android is about 41
02:03
to Windows is about 35% so the Green
02:09
Line indicates actually Android and iOS
02:11
put together but Android is still
02:13
is still the largest so mobile banking
02:18
so you can look here about 55% of the
02:22
people that actually have a baking
02:24
account checking account savings account
02:26
actually access that on a mobile device
02:28
so this is research from the US Federal
02:31
Reserve they had to put together a
02:33
couple of different papers because they
02:35
don't do this research consistently but
02:37
mobile banking is big ok who uses a
02:40
mobile banking app raise your hand okay
02:44
anybody that does not okay cuz you have
02:48
it like a web phone or something right
02:50
okay so you may or may not have your
02:57
bank represented here these are the
03:00
number of mobile banking users at the
03:02
largest banks so the number one is
03:05
JPMorgan Chase
03:06
they have about 33 million users this is
03:09
per everyone's annual report so this is
03:11
public data you can go look this up
03:13
yourself too but American Express Visa
03:16
all the way down there to Comerica has a
03:18
couple of different a couple million
03:20
users but all together this is a hundred
03:25
and eighty four million users across
03:26
these banks so roughly half so that you
03:30
know kind of makes sense if 55 percent
03:32
of us use mobile banking apps it's about
03:35
half the population of us so I showed
03:41
this to kind of give a perspective on
03:44
the perception of mobile banking and so
03:48
you can read this this is from the
03:49
United States Federal Reserve System and
03:52
they make our money right so so they're
03:55
paying attention to this an interesting
03:58
if I point out a section of the text
04:01
here you know they say mobile banking is
04:04
great it's convenient but a
04:07
well-designed and secure mobile platform
04:10
is likely needed for mobile banking to
04:12
be a reliable banking Channel
04:15
that's pretty scary right because we
04:17
trust our mobile devices they have
04:20
security features you know everyone you
04:23
you don't know what you don't know which
04:25
is why when I went and got an
04:27
sorry cuz my back hurt and I saw my
04:30
spine I was like I didn't know what I
04:33
didn't know so then I took corrective
04:34
actions ok so here's another is from
04:38
u.s. bank anybody from u.s. bank here
04:41
good I try to picked a bank that was not
04:44
gonna be here so so you can look and
04:51
there's again there's a lot of text in
04:54
here but I'm gonna highlight certain
04:55
sections ok and what this says is
05:02
basically mobile banking and third-party
05:05
systems and cloud systems are scary as
05:07
hell if you go download an annual report
05:10
from a bank they all have this so if you
05:14
if you're using mobile banking go get
05:17
the annual report just do control F for
05:20
cloud 3rd and mobile and then you'll
05:23
think twice about whether or not you're
05:25
gonna put your college funds or your
05:27
checking account or your vacation funds
05:29
through your mobile device because they
05:31
all they all state the risk and the risk
05:34
is that we can't really control the
05:37
ecosystem because we manage our own
05:40
devices so consumers manage their own
05:43
devices you know you guys are smart you
05:45
know how all this works but if you think
05:47
about your non-technical neighbors you
05:50
know they just click yes you know in
05:52
order to use this you must click yes ok
05:55
I'll do it
05:59
so this is statement from from Gartner
06:02
so anybody pay attention to Gartner cuz
06:06
us as a vendor we pay them a lot of
06:08
money because you guys pay attention to
06:10
Gartner and they say mobile malware will
06:12
constitute 30% of all malware this year
06:17
anybody think that's high or low no one
06:22
thinks I think it's high so if you agree
06:24
with me 30% it's pretty high we do see a
06:28
lot of malware and it gets delivered in
06:30
all different ways but 30% is I think
06:34
it's a little high but we'll see at the
06:35
end of the year and then this guy so
06:37
this guy's in the news a lot he has to
06:39
be the CEO of the
06:40
u.s. is largest bank and says the threat
06:43
of cybersecurity may be very well the
06:46
biggest threat to the US financial
06:48
system it's pretty scary and you know
06:54
maybe he knows a thing or two through
06:56
the downturn through the upturn and then
06:59
what mobile banking and banking system
07:01
is is actually going to happen but what
07:04
can really happen if something goes
07:07
wrong so anybody know what Tesco is
07:11
there in the UK again they're probably
07:14
not here okay so which is why I picked
07:15
this one
07:16
so Tesco Bank and anybody know what
07:20
happened to Tesco Bank through the
07:21
mobile banking app you've heard of them
07:24
nothing all right
07:26
so hackers stole two and a half million
07:29
pounds from Tesco Bank overnight from
07:33
9000 different accounts and there's 9000
07:36
different accounts not all of them were
07:38
mobile banking users but what they did
07:41
was they reverse engineered the mobile
07:43
banking app found all the app secrets
07:45
found the API secrets and went in
07:47
through the Swift system and withdrew
07:50
two and a half million pounds and they
07:51
were gone they've never been caught and
07:54
it's so the financial conduct authority
07:56
which is basically like our Federal
07:58
Reserve System over here
07:59
they found Tesco sixteen point four
08:03
million pounds which was you know five
08:05
times greater than what the hackers
08:07
actually stole so not only do you get
08:10
hacked and your brand gets deteriorated
08:12
and customers are pissed off then the
08:16
authorities come and then they they find
08:18
you again right so the the fines and the
08:20
brand reputation of when this happens is
08:23
a really big deal all right
08:25
so if I scared you enough all right so a
08:30
little bit about this talk so what so we
08:34
as imperium have a couple different
08:36
technologies and we actually have a
08:38
technology that will actually scan your
08:40
mobile application and tell you if it's
08:42
good or bad
08:43
right it's a very goldilocks you know
08:45
this app is not secure enough this one's
08:47
too secure this is the user degradation
08:50
loosen it up all right so we have these
08:52
really long reports
08:54
the developers can read and make sense
08:56
of you know what's wrong with the app
08:59
and so what we've since done is we've
09:03
taken this system and actually provide a
09:05
more developer centric view so if you
09:09
are checking in code and you have team
09:11
city or you have Jenkins I'll scan your
09:14
application every night and I'll tell
09:16
you whether or not you're making your
09:18
application better or worse every day
09:21
and so you can get some health data you
09:25
know who is using your app and and you
09:28
know if it has security issues or
09:31
privacy issues all right now now to the
09:35
meat so I scanned 90 different
09:39
applications from 45 banks so I did the
09:43
iOS and the Android apps as well and
09:46
then I scored them on the OS mobile top
09:48
10
09:49
does anybody pay attention to the OS
09:51
Mobile top 10 all right so you guys know
09:54
what it is so essentially what we did is
09:57
we gave all the apps a passing and
09:60
failing grade so for the improper
10:03
platform usage everyone passed in the
10:06
numbers at the bottom these are
10:07
percentages so if you think of the 45
10:10
different banks a hundred percent so
10:13
that's 45 not a hundred apps insecure
10:16
data storage about 75 percent of the
10:19
apps failed for this and then
10:22
interesting reverse engineering so this
10:24
is your your opera station most banking
10:28
apps failed for this like when we scan
10:30
them we could see everything in there
10:32
and then to juxtapose this here is
10:37
travel apps so this is your hotel
10:42
airline anything travel related so I
10:46
just kind of did that to juxtapose right
10:49
so the the travel apps are actually
10:51
built more securely than mobile banking
10:53
all right so the irony
10:58
so permissions so we looked at what
11:01
permissions all of these apps have
11:05
camera
11:06
that kind of makes sense to me I take
11:08
pictures of my checks to deposit them if
11:11
someone you know like my grandmother
11:12
mails me a check or something location
11:15
that makes sense too I need to know
11:17
where an ATM location is contacts okay
11:21
maybe maybe I need to send a friend some
11:24
money but calendar
11:28
why is my bank need to know what meaning
11:30
I'm in so I mean is it just me
11:36
screenshots do you really need to take a
11:40
screenshot of my device I figure mobile
11:44
banking up device ID this is pretty bad
11:47
too especially with so we have a lot of
11:51
international customers so GDP our
11:53
California Privacy Act coming up device
11:56
serial number that's a no-no you don't
11:58
need to know my serial number you don't
11:60
need any identification on me other than
12:02
my username right so this same chart
12:09
compared with iOS so iOS it's a lot more
12:14
pervasive on privacy so just to
12:17
juxtapose that took a look at
12:21
advertising so what type of advertising
12:24
goes on inside of the mobile banking
12:27
applications ooh BRR there's a Oh BRR
12:32
SDK in a mobile banking app does anybody
12:36
know why that would be their expenses
12:42
possibly anything else like I have no
12:47
idea why it's in there it's it Google+
12:53
somebody still has that in their Google+
12:55
doesn't even exist anymore but it's it's
12:58
still there the Facebook SDK yeah okay I
13:03
get it
13:04
and then the Google ads and things like
13:05
that you want to advertise to me I
13:08
tested one of these I downloaded one and
13:10
and I said okay you know what are they
13:12
really doing so I put my personal
13:14
account information in there and then I
13:16
looked at all my activity and every
13:19
fourth row was
13:20
add I'm like man this is pissing me off
13:22
like you already know what I buy why
13:25
don't you know why do you need them we
13:26
buy more right you just money-hungry I
13:29
guess and so I looked at shared code and
13:34
so when we scan all the apps they're in
13:36
a public database well it's not public
13:38
but a paying customer so if you're a
13:40
paying customer you can see all this and
13:42
the one of the apps in the bottom over
13:46
it's like over 90% is shared code it's
13:50
like somebody else's app they just
13:51
copied it and and so some of the there's
13:54
there's only 12 that don't have shared
13:56
code out of it and then the bottom 2/3
13:60
at least some shared code and I you know
14:03
they're just lazy I guess so
14:07
when I scored all the apps I basically
14:10
put this put them in this scatterplot
14:13
bubble chart I don't know what it's
14:14
called but my wife really liked it and
14:16
she was gonna put it up as art in our
14:18
home and I told her not to but so what I
14:23
did is on the left hand side is your
14:25
privacy risk privacy is when we talk
14:29
about the permissions like do you have a
14:30
permission that you really need okay so
14:34
from zero to a hundred and these are
14:36
weighted scores so if you could have one
14:39
really bad risk
14:42
I would score you higher than if you had
14:44
lots of little ones okay and on the
14:46
bottom is security so how well is your
14:50
app built right does it have problems
14:53
again zero to 100 if you had a bad
14:55
security problem could be a hundred you
15:00
could have lots of little ones okay
15:02
so it's just a weighted score so each
15:04
one of these banks in here they are
15:08
anonymized so you don't know which bank
15:10
it is but this is the real
15:12
this is the real banking app score so
15:15
again did this for ios and android but
15:18
we're just going to talk about the
15:19
android ones so i picked several from
15:22
the report and so you can see you can
15:25
see how they've passed or failed on the
15:28
iOS and the android the OS mobile top
15:31
ten and then the the weighted score is
15:33
represented
15:34
bottom so on this one the Android scored
15:39
an 81 and again 100 is bad zero is good
15:43
okay
15:45
so 81 for security and for privacy and
15:48
then I'll just highlight you know some
15:50
of the text here for you so this app
15:54
uses a proceed method during SSL error
15:56
handling this can allow the connection
15:59
the app can also send SMS messages and
16:03
capture SMS messages and it's targeted
16:07
by Bank bot they may know what Bank bot
16:09
is that's basically overlay attack it
16:13
takes advantage of the accessibility
16:15
settings so what happens if your
16:17
targeted by the bank bot campaign your
16:20
user doesn't know that when he launches
16:23
your the mobile banking application it
16:28
goes and it fetches out of Google Play
16:31
the most recent screenshot and it places
16:35
it on top of your device and then as you
16:37
type in your username and password
16:38
you're actually giving it to the user
16:40
because the code is on your device but
16:43
you can't see it it's basically overlay
16:45
straight over it and they know the they
16:49
know the current even if you change the
16:51
UI they know it because they just
16:52
fetched it out of the Play Store so it's
16:54
actually pretty pretty cool there's
16:55
hundreds of banks that this under this
16:57
targeted campaign so let's see I went
17:05
down so this next bank scored so this
17:10
woman is actually good he scored a 25
17:12
okay so again zero is good 100 is bad
17:21
so this Android app stored the inline
17:24
API keys in values so you could just see
17:27
it in the code so pretty scary and then
17:30
and then failed for reverse engineering
17:33
again most of them do and I don't even
17:36
know how that's possible this Bank 82
17:40
again it failed for obfuscation
17:46
it uses unsecure data storage world
17:50
readable and world writable so basically
17:52
if you downloaded the app you could see
17:54
everything and it uses a method not
17:58
secure for file deletion it basically
18:01
allows anybody to permit to delete all
18:04
types of files
18:05
that uses synthetic message to to avid
18:09
access private class entries this is
18:14
suspicious you know it's not normal
18:19
this one again is a pretty high score 82
18:22
out of 100 a little bit better on
18:25
privacy so execute commands at the OS
18:31
level so I can launch other applications
18:35
maybe a good use for that but it's kind
18:37
of scary again this this guy is also
18:40
world readable world writable it doesn't
18:44
really segment any kind of data there's
18:51
a whole bunch of these again mmm this
18:55
one is a 76 so is anybody paying
18:60
attention to the iOS side at all because
19:02
I'm not as I'm reading and I've only cut
19:04
and pasted the actual Android section
19:06
but if you want these slides or this
19:08
presentation is also available on our
19:10
website this Android app uses a WebKit
19:16
to download a file from the Internet I
19:18
mean sometimes that makes sense
19:20
but you know if you're gonna give an app
19:23
permission to just go grab code and
19:25
download it and install it you know the
19:28
hackers can actually get in the middle
19:31
of that process and put extraneous code
19:33
on your device so you just never know
19:36
webview to execute JavaScript code if
19:39
you look through the Android security
19:41
updates and you look through all the
19:42
CVEs
19:43
you'll notice you know a lot of the
19:45
patches actually fix this type of issue
19:49
you know allows extraneous code uses
19:52
browser functionality things like that
19:55
javascript this one again
19:57
is actively targeted by the bank pot
19:59
malware campaign so that's pretty scary
20:02
as well and then this one is a 78 again
20:10
fails the reverse engineering test so
20:16
this one webview again
20:18
app grants one or more permissions to
20:20
content providers data so you could
20:24
disclose information if you know if your
20:26
app is leaking a lot of times we see
20:29
this on you know somebody's leaving
20:31
Amazon buckets or database buckets just
20:35
exposed on the Internet
20:37
one of these apps in here I don't recall
20:40
which one actually was found to be
20:43
publishing data into a google form so
20:46
the developer just had errors just
20:50
publishing in a google form like that's
20:53
really really bad and this one again is
20:56
Bank bot this one again is failing for
21:01
the wasp 9 the office keishon and this
21:09
one's using synthetic method methods to
21:12
access private class entries this is not
21:15
normally acceptable this is suspicious
21:19
and this one's Bank bought a lot of data
21:24
related one on here this permission to
21:27
one or more content providers data is
21:29
granted
21:30
so again leaking data and and guys these
21:34
aren't gaming apps these are the ones
21:36
like where you put your paycheck so you
21:40
know this is a big deal so if if you
21:44
know if you don't keep a lot of money in
21:46
your own personal checking account you
21:49
know that's that's one thing but if you
21:51
if you think about the hundred and
21:53
eighty four million users that that are
21:57
you know using apps like this then you
21:59
have to wonder like what's really going
22:02
on at the large banks that they let this
22:04
happen it's basically because they they
22:06
don't know what they don't know right
22:08
well the developer told us
22:10
did a good job mmm so this bank that we
22:14
call 11:00 see the numbers and the
22:17
letters don't mean anything if you
22:18
actually work at a bank and you want to
22:20
know if your bank sap is in here I can
22:23
tell you but if you don't work at a bank
22:24
I can't tell you or I'd have to not
22:29
telling you
22:31
so this Android app uses a WebKit to
22:35
download a file from the internet again
22:37
not the best practice more JavaScript
22:41
enables webview to execute JavaScript
22:43
code this could this could potentially
22:47
allow an attacker to introduce arbitrary
22:50
code if you guys want to see a demo of
22:52
actually how this works we can show you
22:56
we hack devices and apps all the time
22:58
and and and can show you how it works
23:02
it's really really fascinating
23:04
then this Bank 7dd again fails for
23:09
obfuscation we can read all the data in
23:12
here it's not performing active checks
23:15
and validating the SSL Certificates so
23:19
it's pretty easy to get in the middle of
23:21
that process if you know what you're
23:23
doing and can this can allow self-signed
23:27
certificates so basically we can make an
23:29
app think that it's talking to somebody
23:30
else when it's really not again this one
23:33
is targeted by Bank bot malware campaign
23:39
and then what else we have here this one
23:43
is a 75 and a 47 again fails for
23:48
obfuscation I'm gonna say that every
23:51
time except for once this Android app
23:56
grants permissions to one or more
23:58
content providers data it's targeted by
24:01
Bank bot and this one's a little bit
24:06
better it's a 75
24:14
so here's one that is collecting in
24:17
reading all the contact data on the
24:19
device has different you know exported
24:25
components that are not protected by
24:27
permission exported and protected with
24:31
strong permission any any application
24:34
can start and bind to this service so
24:37
especially in Android when other apps
24:39
can see other apps you can you know this
24:42
one is actually leaving that
24:44
functionality in the device in the app
24:48
this is one of the worst offenders the
24:50
the two highest scores in this dataset
24:54
were 82 and 81 so this was an 81 it
24:59
actually is using insecure data in
25:01
secure communications insufficient
25:05
Catoctin cryptography I can say that
25:08
today and reverse engineering again no
25:11
office keishon this is this app is
25:16
granting permission to one of the more
25:17
content providers data again targeted by
25:21
Bank bots and sure brought a bank bot
25:25
demo I know that I mentioned it so many
25:26
times again this is at 81 fails for the
25:31
same types of issues as the previous one
25:34
this one has the inline API keys and
25:39
values and can can load compiled code in
25:44
an apk files located in external storage
25:48
and potentially the Internet
25:52
I this may be the one we found the
25:55
developers hard-coded email address and
25:58
password in one of these yeah I think it
26:02
may have been this one I may mention it
26:04
later but yeah so we found as I emailed
26:08
him he didn't email back because I don't
26:10
think he works there anymore but yeah
26:13
but yeah his his his personal email
26:17
address what was in there wasn't even an
26:19
alias like help desk or
26:22
mmm so this one is a 78 privacy 49 is in
26:29
if you notice them I didn't include the
26:32
iOS chart but the the privacy scores on
26:38
the iOS are normally a little bit higher
26:41
it's a little more invasive when I don't
26:43
want to show the other permissions and
26:45
the security is is about the same so
26:51
it's really pretty interesting when you
26:53
compare but there's there's really no
26:55
consistency between the two because
26:57
normally it's two different teams at the
26:58
bank's so this one Android can app can
27:03
send a text message I thought was cool
27:07
mmm when it texts me to remind me that
27:09
today is my brother's birthday
27:11
this application is access to the device
27:13
and a microphone yeah really
27:17
I mean sometimes we see apps like this
27:22
that have like the recording of screen
27:24
shots and the microphones and things
27:26
like that for help reasons they may be
27:29
calling a help desk and they record your
27:32
your session with a help user but not in
27:36
a banking app like that's pretty creepy
27:39
in this application this again stores
27:43
inline API keys and values this one had
27:46
the serial number in it yeah pretty bad
27:49
with California Privacy Act in GDP are
27:51
like all that stuff is going to go away
27:53
if you get caught it's going to be big
27:55
big fines who was a British Airways had
27:60
a GDP our fine a couple months ago like
28:03
a hundred and sixty million pounds
28:07
something it was crazy
28:12
this one is 75 android app the Acra is a
28:21
library enabling an android application
28:22
to automatically post their crash
28:24
reports to the google doc form okay this
28:27
was it so basically just doing crash
28:30
reports into google you know a Google
28:34
Doc or Google Form pretty bad when you
28:38
know again if you're a game you know if
28:40
you're doing Angry Birds that's probably
28:42
okay but user if you get caught posting
28:46
user data location so if you guys are
28:52
capturing GPS location GPS is now
28:55
personal information so if you even
28:58
publish that and it leaks out and you
29:00
get caught leaking what you think is not
29:03
personal data gonna be a big big trouble
29:06
again Bank bot and then 77 over 62 so
29:16
this was a pretty bad one in terms of
29:17
privacy again
29:19
this woman is world readable world
29:21
writable actively targeted by Bank bot
29:24
in API keys and I'm from watching my
29:27
clock I got like a whole bunch of these
29:29
and I'm not going to get done with them
29:30
by design because I didn't want any
29:32
questions
29:36
okay so this is Android app uses
29:41
unsecured data storage app can load
29:45
compiled code in apa apk in jar files
29:48
and again bank by bank that's bad 75 and
29:56
only picked the I got a couple more here
29:59
that are that are interesting so this
30:02
app modifies its user agent string it's
30:05
recommended that the developer not do
30:07
that we found lots of HTTP traffic and
30:11
in all these apps as well and some was
30:15
legitimate some not Maps public data
30:20
things like that is what we found so on
30:22
the HTTP traffic but again you know use
30:25
your user judgment don't leak data 76
30:29
over 61 the scenes rated application
30:33
refers to the SSL and TLS hosts with a
30:36
self signed certificate that's not the
30:38
best idea especially if you have guys on
30:40
our hacking team that you know that that
30:44
know how to hack these apps and again
30:46
Bank BOTS this one's a little bit better
30:49
for privacy again but scores a 75 you
30:54
notice like some of these on the wasp it
30:58
only failed one so this one actually did
31:00
a little bit better job but you know
31:04
it's not performing active checks and
31:06
validating again self-signed
31:07
certificates grant some permission to
31:10
perform the operation specified with the
31:12
same permissions so basically you know
31:14
it knows how to call itself let's see 74
31:20
this one the Android app is not doing
31:23
active checks in validating as it sell
31:25
certificates it can allow self-signed
31:27
certificates and expired or mismatched
31:30
so not doing the best job and can't
31:36
believe I made it I went really fast
31:39
because I had a whole lot of slides if
31:41
you would like the slides or the report
31:43
you can email me or tweet at me I'm at
31:47
the Scott King
31:49
zpm calm / Xia is is an SDK so if
31:55
anybody would like an SDK to play with
31:58
you can basically take our threat
31:60
detection put it inside your own
32:02
application and we'll tell you whether
32:04
or not your app is being hacked or not
32:06
and then we'll give you a dashboard so
32:08
you can see the see the the threats in
32:13
the slides if you want the exact slide
32:15
deck that I just went over you can go
32:18
it's a slash droidcon SF - 19 and with
32:23
that any questions
droidcon News

Tech Showcases,

Developer Resources &

Partners

/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/home-details/EmployerBrandingHeader
EmployerBrandingHeader
https://jobs.droidcon.com/
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/jobs-droidcon/jobs.droidcon.com
jobs.droidcon.com

Latest Android Jobs

http://www.kotlinweekly.net/
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/kotlin-weekly/Kotlin Weekly
Kotlin Weekly

Your weekly dose of Kotlin

https://proandroiddev.com/
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/pad/ProAndroidDev
ProAndroidDev

Android Tech Blogs, Case Studies and Step-by-Step Coding

/detail?content-id=/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Zalando/Zalando
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Zalando/Zalando
Zalando

Meet one of Berlin's top employers

/detail?content-id=/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Academy for App Success/Academy for App Success
/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Academy for App Success/Academy for App Success
Academy for App Success

Google Play resources tailored for the global droidcon community

Follow us

Team droidcon

Get in touch with us

Write us an Email

 

 

Quicklinks

> Code of Conduct

> Terms and Conditions

> How to hold a conference

> FAQs

> Imprint

Droidcon is a registered trademark of Mobile Seasons GmbH Copyright © 2020. All rights reserved.

powered by Breakpoint One