Global CSS

droidcon San Francisco 2019

Results of Scanning the Top 45 Android Mobile Banking Apps

By

Scott King

droidcon San Francisco 2019

This session provides details on development best practices, data leakage risk and security exposure for 45 Android mobile apps from the top US banks and mobile payment providers. The research displays vulnerabilities in consumer mobile banking apps and the correlating risk they introduce for banks and mobile users. Several of the mobile banking applications score low on application development best practices, use of shared or outdated code and overuse of third-party services or SDKs. The knowledge gained here will enable developers and mobile banking channel owners insight on the exact items needed to build more secure banking apps and to reduce banking fraud via the mobile channel.

Transcript

English

00:00

[Music]

00:14

all right hi everyone thanks for coming

00:16

to my talk my name is Scott King and you

00:20

may know you may wonder why there's a an

00:24

x-ray up there but we're going to talk

00:27

about scanning and so when I give you an

00:29

idea is you know what do you do with a

00:33

scan

00:35

so droidcon asked on Twitter if if you

00:41

win a free hotel you just retweet and

00:44

tell them what you're looking forward to

00:47

for joyed con so I tweeted well I'm

00:49

looking forward to show people my spine

00:51

and that is my spine

00:54

even though how crooked it is and so

00:56

congratulations by by showing on Twitter

01:00

my spine I want a free hotel so who says

01:03

that Twitter doesn't pay so there's a

01:05

there you go but we're going to talk

01:08

about how mobile banking apps are not

01:10

created equal

01:12

okay and this is a research paper that

01:13

we put together at some period you can

01:15

go to our website and download it and

01:17

you can provide all the details and look

01:20

at all the details in there but what I

01:21

want to do is give you a little bit idea

01:23

on the state of mobile banking we're

01:26

going to talk about the OWASP mobile top

01:28

ten and then how making the mobile

01:31

banking apps compare for privacy and

01:34

security apps so we scanned the top apps

01:36

and we're going to disclose to you some

01:38

of the scary stuff that we found inside

01:40

there and some of the common issues that

01:42

we find so to begin with you know mobile

01:49

banking and the mobile operating system

01:51

is the largest operating system by

01:54

market share so you can see here that

01:57

over 55% of all the devices on the

02:00

Internet are mobile Android is about 41

02:03

to Windows is about 35% so the Green

02:09

Line indicates actually Android and iOS

02:11

put together but Android is still

02:13

is still the largest so mobile banking

02:18

so you can look here about 55% of the

02:22

people that actually have a baking

02:24

account checking account savings account

02:26

actually access that on a mobile device

02:28

so this is research from the US Federal

02:31

Reserve they had to put together a

02:33

couple of different papers because they

02:35

don't do this research consistently but

02:37

mobile banking is big ok who uses a

02:40

mobile banking app raise your hand okay

02:44

anybody that does not okay cuz you have

02:48

it like a web phone or something right

02:50

okay so you may or may not have your

02:57

bank represented here these are the

03:00

number of mobile banking users at the

03:02

largest banks so the number one is

03:05

JPMorgan Chase

03:06

they have about 33 million users this is

03:09

per everyone's annual report so this is

03:11

public data you can go look this up

03:13

yourself too but American Express Visa

03:16

all the way down there to Comerica has a

03:18

couple of different a couple million

03:20

users but all together this is a hundred

03:25

and eighty four million users across

03:26

these banks so roughly half so that you

03:30

know kind of makes sense if 55 percent

03:32

of us use mobile banking apps it's about

03:35

half the population of us so I showed

03:41

this to kind of give a perspective on

03:44

the perception of mobile banking and so

03:48

you can read this this is from the

03:49

United States Federal Reserve System and

03:52

they make our money right so so they're

03:55

paying attention to this an interesting

03:58

if I point out a section of the text

04:01

here you know they say mobile banking is

04:04

great it's convenient but a

04:07

well-designed and secure mobile platform

04:10

is likely needed for mobile banking to

04:12

be a reliable banking Channel

04:15

that's pretty scary right because we

04:17

trust our mobile devices they have

04:20

security features you know everyone you

04:23

you don't know what you don't know which

04:25

is why when I went and got an

04:27

sorry cuz my back hurt and I saw my

04:30

spine I was like I didn't know what I

04:33

didn't know so then I took corrective

04:34

actions ok so here's another is from

04:38

u.s. bank anybody from u.s. bank here

04:41

good I try to picked a bank that was not

04:44

gonna be here so so you can look and

04:51

there's again there's a lot of text in

04:54

here but I'm gonna highlight certain

04:55

sections ok and what this says is

05:02

basically mobile banking and third-party

05:05

systems and cloud systems are scary as

05:07

hell if you go download an annual report

05:10

from a bank they all have this so if you

05:14

if you're using mobile banking go get

05:17

the annual report just do control F for

05:20

cloud 3rd and mobile and then you'll

05:23

think twice about whether or not you're

05:25

gonna put your college funds or your

05:27

checking account or your vacation funds

05:29

through your mobile device because they

05:31

all they all state the risk and the risk

05:34

is that we can't really control the

05:37

ecosystem because we manage our own

05:40

devices so consumers manage their own

05:43

devices you know you guys are smart you

05:45

know how all this works but if you think

05:47

about your non-technical neighbors you

05:50

know they just click yes you know in

05:52

order to use this you must click yes ok

05:55

I'll do it

05:59

so this is statement from from Gartner

06:02

so anybody pay attention to Gartner cuz

06:06

us as a vendor we pay them a lot of

06:08

money because you guys pay attention to

06:10

Gartner and they say mobile malware will

06:12

constitute 30% of all malware this year

06:17

anybody think that's high or low no one

06:22

thinks I think it's high so if you agree

06:24

with me 30% it's pretty high we do see a

06:28

lot of malware and it gets delivered in

06:30

all different ways but 30% is I think

06:34

it's a little high but we'll see at the

06:35

end of the year and then this guy so

06:37

this guy's in the news a lot he has to

06:39

be the CEO of the

06:40

u.s. is largest bank and says the threat

06:43

of cybersecurity may be very well the

06:46

biggest threat to the US financial

06:48

system it's pretty scary and you know

06:54

maybe he knows a thing or two through

06:56

the downturn through the upturn and then

06:59

what mobile banking and banking system

07:01

is is actually going to happen but what

07:04

can really happen if something goes

07:07

wrong so anybody know what Tesco is

07:11

there in the UK again they're probably

07:14

not here okay so which is why I picked

07:15

this one

07:16

so Tesco Bank and anybody know what

07:20

happened to Tesco Bank through the

07:21

mobile banking app you've heard of them

07:24

nothing all right

07:26

so hackers stole two and a half million

07:29

pounds from Tesco Bank overnight from

07:33

9000 different accounts and there's 9000

07:36

different accounts not all of them were

07:38

mobile banking users but what they did

07:41

was they reverse engineered the mobile

07:43

banking app found all the app secrets

07:45

found the API secrets and went in

07:47

through the Swift system and withdrew

07:50

two and a half million pounds and they

07:51

were gone they've never been caught and

07:54

it's so the financial conduct authority

07:56

which is basically like our Federal

07:58

Reserve System over here

07:59

they found Tesco sixteen point four

08:03

million pounds which was you know five

08:05

times greater than what the hackers

08:07

actually stole so not only do you get

08:10

hacked and your brand gets deteriorated

08:12

and customers are pissed off then the

08:16

authorities come and then they they find

08:18

you again right so the the fines and the

08:20

brand reputation of when this happens is

08:23

a really big deal all right

08:25

so if I scared you enough all right so a

08:30

little bit about this talk so what so we

08:34

as imperium have a couple different

08:36

technologies and we actually have a

08:38

technology that will actually scan your

08:40

mobile application and tell you if it's

08:42

good or bad

08:43

right it's a very goldilocks you know

08:45

this app is not secure enough this one's

08:47

too secure this is the user degradation

08:50

loosen it up all right so we have these

08:52

really long reports

08:54

the developers can read and make sense

08:56

of you know what's wrong with the app

08:59

and so what we've since done is we've

09:03

taken this system and actually provide a

09:05

more developer centric view so if you

09:09

are checking in code and you have team

09:11

city or you have Jenkins I'll scan your

09:14

application every night and I'll tell

09:16

you whether or not you're making your

09:18

application better or worse every day

09:21

and so you can get some health data you

09:25

know who is using your app and and you

09:28

know if it has security issues or

09:31

privacy issues all right now now to the

09:35

meat so I scanned 90 different

09:39

applications from 45 banks so I did the

09:43

iOS and the Android apps as well and

09:46

then I scored them on the OS mobile top

09:48

10

09:49

does anybody pay attention to the OS

09:51

Mobile top 10 all right so you guys know

09:54

what it is so essentially what we did is

09:57

we gave all the apps a passing and

09:60

failing grade so for the improper

10:03

platform usage everyone passed in the

10:06

numbers at the bottom these are

10:07

percentages so if you think of the 45

10:10

different banks a hundred percent so

10:13

that's 45 not a hundred apps insecure

10:16

data storage about 75 percent of the

10:19

apps failed for this and then

10:22

interesting reverse engineering so this

10:24

is your your opera station most banking

10:28

apps failed for this like when we scan

10:30

them we could see everything in there

10:32

and then to juxtapose this here is

10:37

travel apps so this is your hotel

10:42

airline anything travel related so I

10:46

just kind of did that to juxtapose right

10:49

so the the travel apps are actually

10:51

built more securely than mobile banking

10:53

all right so the irony

10:58

so permissions so we looked at what

11:01

permissions all of these apps have

11:05

camera

11:06

that kind of makes sense to me I take

11:08

pictures of my checks to deposit them if

11:11

someone you know like my grandmother

11:12

mails me a check or something location

11:15

that makes sense too I need to know

11:17

where an ATM location is contacts okay

11:21

maybe maybe I need to send a friend some

11:24

money but calendar

11:28

why is my bank need to know what meaning

11:30

I'm in so I mean is it just me

11:36

screenshots do you really need to take a

11:40

screenshot of my device I figure mobile

11:44

banking up device ID this is pretty bad

11:47

too especially with so we have a lot of

11:51

international customers so GDP our

11:53

California Privacy Act coming up device

11:56

serial number that's a no-no you don't

11:58

need to know my serial number you don't

11:60

need any identification on me other than

12:02

my username right so this same chart

12:09

compared with iOS so iOS it's a lot more

12:14

pervasive on privacy so just to

12:17

juxtapose that took a look at

12:21

advertising so what type of advertising

12:24

goes on inside of the mobile banking

12:27

applications ooh BRR there's a Oh BRR

12:32

SDK in a mobile banking app does anybody

12:36

know why that would be their expenses

12:42

possibly anything else like I have no

12:47

idea why it's in there it's it Google+

12:53

somebody still has that in their Google+

12:55

doesn't even exist anymore but it's it's

12:58

still there the Facebook SDK yeah okay I

13:03

get it

13:04

and then the Google ads and things like

13:05

that you want to advertise to me I

13:08

tested one of these I downloaded one and

13:10

and I said okay you know what are they

13:12

really doing so I put my personal

13:14

account information in there and then I

13:16

looked at all my activity and every

13:19

fourth row was

13:20

add I'm like man this is pissing me off

13:22

like you already know what I buy why

13:25

don't you know why do you need them we

13:26

buy more right you just money-hungry I

13:29

guess and so I looked at shared code and

13:34

so when we scan all the apps they're in

13:36

a public database well it's not public

13:38

but a paying customer so if you're a

13:40

paying customer you can see all this and

13:42

the one of the apps in the bottom over

13:46

it's like over 90% is shared code it's

13:50

like somebody else's app they just

13:51

copied it and and so some of the there's

13:54

there's only 12 that don't have shared

13:56

code out of it and then the bottom 2/3

13:60

at least some shared code and I you know

14:03

they're just lazy I guess so

14:07

when I scored all the apps I basically

14:10

put this put them in this scatterplot

14:13

bubble chart I don't know what it's

14:14

called but my wife really liked it and

14:16

she was gonna put it up as art in our

14:18

home and I told her not to but so what I

14:23

did is on the left hand side is your

14:25

privacy risk privacy is when we talk

14:29

about the permissions like do you have a

14:30

permission that you really need okay so

14:34

from zero to a hundred and these are

14:36

weighted scores so if you could have one

14:39

really bad risk

14:42

I would score you higher than if you had

14:44

lots of little ones okay and on the

14:46

bottom is security so how well is your

14:50

app built right does it have problems

14:53

again zero to 100 if you had a bad

14:55

security problem could be a hundred you

15:00

could have lots of little ones okay

15:02

so it's just a weighted score so each

15:04

one of these banks in here they are

15:08

anonymized so you don't know which bank

15:10

it is but this is the real

15:12

this is the real banking app score so

15:15

again did this for ios and android but

15:18

we're just going to talk about the

15:19

android ones so i picked several from

15:22

the report and so you can see you can

15:25

see how they've passed or failed on the

15:28

iOS and the android the OS mobile top

15:31

ten and then the the weighted score is

15:33

represented

15:34

bottom so on this one the Android scored

15:39

an 81 and again 100 is bad zero is good

15:43

okay

15:45

so 81 for security and for privacy and

15:48

then I'll just highlight you know some

15:50

of the text here for you so this app

15:54

uses a proceed method during SSL error

15:56

handling this can allow the connection

15:59

the app can also send SMS messages and

16:03

capture SMS messages and it's targeted

16:07

by Bank bot they may know what Bank bot

16:09

is that's basically overlay attack it

16:13

takes advantage of the accessibility

16:15

settings so what happens if your

16:17

targeted by the bank bot campaign your

16:20

user doesn't know that when he launches

16:23

your the mobile banking application it

16:28

goes and it fetches out of Google Play

16:31

the most recent screenshot and it places

16:35

it on top of your device and then as you

16:37

type in your username and password

16:38

you're actually giving it to the user

16:40

because the code is on your device but

16:43

you can't see it it's basically overlay

16:45

straight over it and they know the they

16:49

know the current even if you change the

16:51

UI they know it because they just

16:52

fetched it out of the Play Store so it's

16:54

actually pretty pretty cool there's

16:55

hundreds of banks that this under this

16:57

targeted campaign so let's see I went

17:05

down so this next bank scored so this

17:10

woman is actually good he scored a 25

17:12

okay so again zero is good 100 is bad

17:21

so this Android app stored the inline

17:24

API keys in values so you could just see

17:27

it in the code so pretty scary and then

17:30

and then failed for reverse engineering

17:33

again most of them do and I don't even

17:36

know how that's possible this Bank 82

17:40

again it failed for obfuscation

17:46

it uses unsecure data storage world

17:50

readable and world writable so basically

17:52

if you downloaded the app you could see

17:54

everything and it uses a method not

17:58

secure for file deletion it basically

18:01

allows anybody to permit to delete all

18:04

types of files

18:05

that uses synthetic message to to avid

18:09

access private class entries this is

18:14

suspicious you know it's not normal

18:19

this one again is a pretty high score 82

18:22

out of 100 a little bit better on

18:25

privacy so execute commands at the OS

18:31

level so I can launch other applications

18:35

maybe a good use for that but it's kind

18:37

of scary again this this guy is also

18:40

world readable world writable it doesn't

18:44

really segment any kind of data there's

18:51

a whole bunch of these again mmm this

18:55

one is a 76 so is anybody paying

18:60

attention to the iOS side at all because

19:02

I'm not as I'm reading and I've only cut

19:04

and pasted the actual Android section

19:06

but if you want these slides or this

19:08

presentation is also available on our

19:10

website this Android app uses a WebKit

19:16

to download a file from the Internet I

19:18

mean sometimes that makes sense

19:20

but you know if you're gonna give an app

19:23

permission to just go grab code and

19:25

download it and install it you know the

19:28

hackers can actually get in the middle

19:31

of that process and put extraneous code

19:33

on your device so you just never know

19:36

webview to execute JavaScript code if

19:39

you look through the Android security

19:41

updates and you look through all the

19:42

CVEs

19:43

you'll notice you know a lot of the

19:45

patches actually fix this type of issue

19:49

you know allows extraneous code uses

19:52

browser functionality things like that

19:55

javascript this one again

19:57

is actively targeted by the bank pot

19:59

malware campaign so that's pretty scary

20:02

as well and then this one is a 78 again

20:10

fails the reverse engineering test so

20:16

this one webview again

20:18

app grants one or more permissions to

20:20

content providers data so you could

20:24

disclose information if you know if your

20:26

app is leaking a lot of times we see

20:29

this on you know somebody's leaving

20:31

Amazon buckets or database buckets just

20:35

exposed on the Internet

20:37

one of these apps in here I don't recall

20:40

which one actually was found to be

20:43

publishing data into a google form so

20:46

the developer just had errors just

20:50

publishing in a google form like that's

20:53

really really bad and this one again is

20:56

Bank bot this one again is failing for

21:01

the wasp 9 the office keishon and this

21:09

one's using synthetic method methods to

21:12

access private class entries this is not

21:15

normally acceptable this is suspicious

21:19

and this one's Bank bought a lot of data

21:24

related one on here this permission to

21:27

one or more content providers data is

21:29

granted

21:30

so again leaking data and and guys these

21:34

aren't gaming apps these are the ones

21:36

like where you put your paycheck so you

21:40

know this is a big deal so if if you

21:44

know if you don't keep a lot of money in

21:46

your own personal checking account you

21:49

know that's that's one thing but if you

21:51

if you think about the hundred and

21:53

eighty four million users that that are

21:57

you know using apps like this then you

21:59

have to wonder like what's really going

22:02

on at the large banks that they let this

22:04

happen it's basically because they they

22:06

don't know what they don't know right

22:08

well the developer told us

22:10

did a good job mmm so this bank that we

22:14

call 11:00 see the numbers and the

22:17

letters don't mean anything if you

22:18

actually work at a bank and you want to

22:20

know if your bank sap is in here I can

22:23

tell you but if you don't work at a bank

22:24

I can't tell you or I'd have to not

22:29

telling you

22:31

so this Android app uses a WebKit to

22:35

download a file from the internet again

22:37

not the best practice more JavaScript

22:41

enables webview to execute JavaScript

22:43

code this could this could potentially

22:47

allow an attacker to introduce arbitrary

22:50

code if you guys want to see a demo of

22:52

actually how this works we can show you

22:56

we hack devices and apps all the time

22:58

and and and can show you how it works

23:02

it's really really fascinating

23:04

then this Bank 7dd again fails for

23:09

obfuscation we can read all the data in

23:12

here it's not performing active checks

23:15

and validating the SSL Certificates so

23:19

it's pretty easy to get in the middle of

23:21

that process if you know what you're

23:23

doing and can this can allow self-signed

23:27

certificates so basically we can make an

23:29

app think that it's talking to somebody

23:30

else when it's really not again this one

23:33

is targeted by Bank bot malware campaign

23:39

and then what else we have here this one

23:43

is a 75 and a 47 again fails for

23:48

obfuscation I'm gonna say that every

23:51

time except for once this Android app

23:56

grants permissions to one or more

23:58

content providers data it's targeted by

24:01

Bank bot and this one's a little bit

24:06

better it's a 75

24:14

so here's one that is collecting in

24:17

reading all the contact data on the

24:19

device has different you know exported

24:25

components that are not protected by

24:27

permission exported and protected with

24:31

strong permission any any application

24:34

can start and bind to this service so

24:37

especially in Android when other apps

24:39

can see other apps you can you know this

24:42

one is actually leaving that

24:44

functionality in the device in the app

24:48

this is one of the worst offenders the

24:50

the two highest scores in this dataset

24:54

were 82 and 81 so this was an 81 it

24:59

actually is using insecure data in

25:01

secure communications insufficient

25:05

Catoctin cryptography I can say that

25:08

today and reverse engineering again no

25:11

office keishon this is this app is

25:16

granting permission to one of the more

25:17

content providers data again targeted by

25:21

Bank bots and sure brought a bank bot

25:25

demo I know that I mentioned it so many

25:26

times again this is at 81 fails for the

25:31

same types of issues as the previous one

25:34

this one has the inline API keys and

25:39

values and can can load compiled code in

25:44

an apk files located in external storage

25:48

and potentially the Internet

25:52

I this may be the one we found the

25:55

developers hard-coded email address and

25:58

password in one of these yeah I think it

26:02

may have been this one I may mention it

26:04

later but yeah so we found as I emailed

26:08

him he didn't email back because I don't

26:10

think he works there anymore but yeah

26:13

but yeah his his his personal email

26:17

address what was in there wasn't even an

26:19

alias like help desk or

26:22

mmm so this one is a 78 privacy 49 is in

26:29

if you notice them I didn't include the

26:32

iOS chart but the the privacy scores on

26:38

the iOS are normally a little bit higher

26:41

it's a little more invasive when I don't

26:43

want to show the other permissions and

26:45

the security is is about the same so

26:51

it's really pretty interesting when you

26:53

compare but there's there's really no

26:55

consistency between the two because

26:57

normally it's two different teams at the

26:58

bank's so this one Android can app can

27:03

send a text message I thought was cool

27:07

mmm when it texts me to remind me that

27:09

today is my brother's birthday

27:11

this application is access to the device

27:13

and a microphone yeah really

27:17

I mean sometimes we see apps like this

27:22

that have like the recording of screen

27:24

shots and the microphones and things

27:26

like that for help reasons they may be

27:29

calling a help desk and they record your

27:32

your session with a help user but not in

27:36

a banking app like that's pretty creepy

27:39

in this application this again stores

27:43

inline API keys and values this one had

27:46

the serial number in it yeah pretty bad

27:49

with California Privacy Act in GDP are

27:51

like all that stuff is going to go away

27:53

if you get caught it's going to be big

27:55

big fines who was a British Airways had

27:60

a GDP our fine a couple months ago like

28:03

a hundred and sixty million pounds

28:07

something it was crazy

28:12

this one is 75 android app the Acra is a

28:21

library enabling an android application

28:22

to automatically post their crash

28:24

reports to the google doc form okay this

28:27

was it so basically just doing crash

28:30

reports into google you know a Google

28:34

Doc or Google Form pretty bad when you

28:38

know again if you're a game you know if

28:40

you're doing Angry Birds that's probably

28:42

okay but user if you get caught posting

28:46

user data location so if you guys are

28:52

capturing GPS location GPS is now

28:55

personal information so if you even

28:58

publish that and it leaks out and you

29:00

get caught leaking what you think is not

29:03

personal data gonna be a big big trouble

29:06

again Bank bot and then 77 over 62 so

29:16

this was a pretty bad one in terms of

29:17

privacy again

29:19

this woman is world readable world

29:21

writable actively targeted by Bank bot

29:24

in API keys and I'm from watching my

29:27

clock I got like a whole bunch of these

29:29

and I'm not going to get done with them

29:30

by design because I didn't want any

29:32

questions

29:36

okay so this is Android app uses

29:41

unsecured data storage app can load

29:45

compiled code in apa apk in jar files

29:48

and again bank by bank that's bad 75 and

29:56

only picked the I got a couple more here

29:59

that are that are interesting so this

30:02

app modifies its user agent string it's

30:05

recommended that the developer not do

30:07

that we found lots of HTTP traffic and

30:11

in all these apps as well and some was

30:15

legitimate some not Maps public data

30:20

things like that is what we found so on

30:22

the HTTP traffic but again you know use

30:25

your user judgment don't leak data 76

30:29

over 61 the scenes rated application

30:33

refers to the SSL and TLS hosts with a

30:36

self signed certificate that's not the

30:38

best idea especially if you have guys on

30:40

our hacking team that you know that that

30:44

know how to hack these apps and again

30:46

Bank BOTS this one's a little bit better

30:49

for privacy again but scores a 75 you

30:54

notice like some of these on the wasp it

30:58

only failed one so this one actually did

31:00

a little bit better job but you know

31:04

it's not performing active checks and

31:06

validating again self-signed

31:07

certificates grant some permission to

31:10

perform the operation specified with the

31:12

same permissions so basically you know

31:14

it knows how to call itself let's see 74

31:20

this one the Android app is not doing

31:23

active checks in validating as it sell

31:25

certificates it can allow self-signed

31:27

certificates and expired or mismatched

31:30

so not doing the best job and can't

31:36

believe I made it I went really fast

31:39

because I had a whole lot of slides if

31:41

you would like the slides or the report

31:43

you can email me or tweet at me I'm at

31:47

the Scott King

31:49

zpm calm / Xia is is an SDK so if

31:55

anybody would like an SDK to play with

31:58

you can basically take our threat

31:60

detection put it inside your own

32:02

application and we'll tell you whether

32:04

or not your app is being hacked or not

32:06

and then we'll give you a dashboard so

32:08

you can see the see the the threats in

32:13

the slides if you want the exact slide

32:15

deck that I just went over you can go

32:18

it's a slash droidcon SF - 19 and with

32:23

that any questions

Tech Showcases,

Developer Resources &

Partners

/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/home-details/EmployerBrandingHeader

EmployerBrandingHeader

https://jobs.droidcon.com/

/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/jobs-droidcon/jobs.droidcon.com

jobs.droidcon.com

Latest Android Jobs

http://www.kotlinweekly.net/

/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/kotlin-weekly/Kotlin Weekly

Kotlin Weekly

Your weekly dose of Kotlin

https://proandroiddev.com/

/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/pad/ProAndroidDev

ProAndroidDev

Android Tech Blogs, Case Studies and Step-by-Step Coding

/detail?content-id=/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Zalando/Zalando

/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Zalando/Zalando

Zalando

Meet one of Berlin's top employers

/detail?content-id=/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Academy for App Success/Academy for App Success

/portal/rest/jcr/repository/collaboration/Groups/spaces/droidcon_hq/Documents/public/employerbranding/Academy for App Success/Academy for App Success

Academy for App Success

Google Play resources tailored for the global droidcon community

Follow us

Team droidcon

Get in touch with us

Write us an Email

Quicklinks

> Code of Conduct

> Terms and Conditions

> How to hold a conference

Droidcon is a registered trademark of Mobile Seasons GmbH Copyright © 2020. All rights reserved.

powered by Breakpoint One