The Evolution of Android keystore

Abstract

Android remains one of the most popular modern mobile operating system.While catering to growing use cases evolving around mobile devices, ensuring the security model is resistant to growing threats is definitely a challenge. The underlying security principles of Android has effectively mitigated against such threats. Android provides security components for internal components as well as applications to leverage in protecting sensitive data. One such component is Android Keystore. In this talk we would like to discuss how Android Keystore has proliferated from Android 8.0 till 12.0, the use cases that mainly depend on Android Keystore, how specific configuration brings in usability but weakens security and finally about limitations in comparison with its counterpart(Secure Enclave) in iOS


Speakers Information


Gautamarvind Pandian

Gautam works at Thales DIS as Mobile Security Researcher. He has over 10+ years of experience in designing security mechanisms and hardening mobile applications. He has contributed Android CTF in r2con2020 with several niche protection mechanisms. He has successfully overseen secure development of many applications including banking and government applications. He believes in designing security schemas which are easier to understand and develop by programmers who are not security experts. Gautam is a speaker in Android Security Symposium 2020, SINCON 2020. Github: https://github.com/darvincisec


Vikas Gupta

Vikas is a security researcher and pentester, with expertise in mobile applications. He holds masters in security and mobile computing from DTU, Copenhagen and NTNU, Trondheim (Erasmus Mundus program). In over 6 years of experience he has worked on both side of the spectrum - in attacking and hardening mobile applications. He is among top contributors to OWASP MSTG guide and thoroughly enjoys reverse engineering binaries by using combination of techniques involving symbolic execution, emulators and manual analysis. Vikas is a speaker at Android Security Symposium 2020, SINCON 2020.





View Full Schedule

Subscribe to Our Mailing List

Join our community mailing list for updated on conference annoucements, important dates and discussions.